CVE-2022-0601

CVE-2022-0601: Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting

Vendor Unknown

Product Countdown, Coming Soon, Maintenance – Countdown & Clock

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0601

Related vulnerabilities

04Related CVE

CVE-2022-0965 Stored XSS viva .ofd file upload in star7th/showdoc CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes CVE-2018-11449 CVE-2025-23868 WordPress Chess Tempo Viewer plugin <= 0.9.5 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-9378 Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes