Plugin Vulnerability Hub
Plugin | 5 known issues | Latest disclosed May 17, 2023

Waiting: One-click countdowns Vulnerabilities

Review known vulnerability records for the WordPress plugin Waiting: One-click countdowns (`waiting`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2023-2757, CVE-2023-28659 and CVE-2023-4000, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 5
High or Critical: 2
Patch Coverage: 100%
Last Updated: Jan 22, 2024
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Waiting: One-click countdowns so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 2 high severity findings.
Recent CVEs: CVE-2023-2757, CVE-2023-28659 and CVE-2023-4000
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Waiting: One-click countdowns

Sorted by latest disclosure date so newly published issues surface first.

Plugin | High | Patched: No | CVE-2023-2757
CVE-2023-2757: Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and outpu...

Published: May 17, 2023
Patched Release: Not published
Affected Versions: Versions up to 0.6.2
Next Step: Open the full report for remediation notes and references.

Plugin | High | Patched: No | CVE-2023-28659
CVE-2023-28659: Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]'

The Waiting: One-click countdowns plugin for WordPress is vulnerable to time-based SQL Injection via the ‘pbc_down[meta][id]’ parameter of the pbc_save_downs AJAX action in versions up to, and including, 0.6.2 due to insufficient escaping on the user supplied parameter and lack o...

Published: Mar 22, 2023
Patched Release: Not published
Affected Versions: Versions up to 0.6.2
Next Step: Open the full report for remediation notes and references.

Plugin | Medium | Patched: No | CVE-2023-4000
CVE-2023-4000: Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and...

Published: Dec 23, 2022
Patched Release: Not published
Affected Versions: Versions up to 0.6.2
Next Step: Open the full report for remediation notes and references.

Plugin | Medium | Patched: No | CVE-2023-3999
CVE-2023-3999: Waiting: One-click countdowns <= 0.6.2 - Missing Authorization

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above...

Published: Dec 23, 2022
Patched Release: Not published
Affected Versions: Versions up to 0.6.2
Next Step: Open the full report for remediation notes and references.

Plugin | Medium | Patched: No | CVE-2022-4954
CVE-2022-4954: Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Published: Dec 23, 2022
Patched Release: Not published
Affected Versions: Versions up to 0.6.2
Next Step: Open the full report for remediation notes and references.