The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.
References
Configurations
History
21 Nov 2024, 09:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L51 - Product | |
References | () https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L92 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3096150/ - Patch | |
References | () https://plugins.trac.wordpress.org/changeset/3097588/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/d8fab229-cd6b-45a3-9e80-a03a1704ad3e?source=cve - Third Party Advisory |
25 Jul 2024, 13:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
First Time |
Edmonsoft
Edmonsoft countdown Builder |
|
CPE | cpe:2.3:a:edmonsoft:countdown_builder:*:*:*:*:*:wordpress:*:* | |
References | () https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L51 - Product | |
References | () https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L92 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3096150/ - Patch | |
References | () https://plugins.trac.wordpress.org/changeset/3097588/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/d8fab229-cd6b-45a3-9e80-a03a1704ad3e?source=cve - Third Party Advisory |
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 03:15
Updated : 2024-11-21 09:08
NVD link : CVE-2024-2017
Mitre link : CVE-2024-2017
CVE.ORG link : CVE-2024-2017
JSON object : View
Products Affected
edmonsoft
- countdown_builder
CWE
CWE-862
Missing Authorization