Stored Cross-Site Scripting Vulnerability in Widget Countdown by Wpdevart
CVE-2025-47443
6.5MEDIUM
What is CVE-2025-47443?
The Widget Countdown plugin by Wpdevart is impacted by a stored Cross-site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This flaw, present in versions from n/a through 2.7.4, permits attackers to inject malicious scripts. When users interact with the affected product, these scripts can be executed, potentially compromising sensitive information or user accounts. It is crucial for users to apply updates and implement security measures to protect their WordPress sites from exploitation.
Affected Version(s)
Widget Countdown <= 2.7.4