SQL Injection Vulnerability in LambertGroup CountDown Plugin for WordPress
CVE-2025-68054

Currently unrated

Key Information:

Vendor: WordPress
Status: Countdown With Image Or Video Background
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68054?

The LambertGroup CountDown With Image or Video Background plugin for WordPress contains a vulnerability that allows for Blind SQL Injection. This security flaw occurs due to improper handling of special elements within SQL commands, making it possible for an attacker to manipulate database queries. Affected versions are all prior to and including 1.5, potentially compromising the integrity and security of the site.

Affected Version(s)

CountDown With Image or Video Background <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/coun...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 15, 2025

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program

JSON