First published: Fri May 06 2022(Updated: )
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Edmonsoft Countdown Builder | <=2.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29421 is a Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress.
CVE-2022-29421 has a severity rating of 6.1 (Medium).
The Edmonsoft Countdown Builder plugin versions up to and including 2.3.2 on WordPress are affected by CVE-2022-29421.
To fix CVE-2022-29421, update the Countdown & Clock plugin to version 2.3.3 or higher.
The CWE for CVE-2022-29421 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).