CVE-2022-29421 MEDIUM

CVE-2022-29421: WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Vendor Adam Skaat
Product Countdown & Clock (WordPress plugin)
Weakness CWE-79 · XSS
Published May 6, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.

Key dates

02Disclosure timeline

May 6, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-47349 WordPress WPMobile.App plugin <= 11.50 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-0868 EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode CVE-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering CVE-2024-7008 Calibre Reflected Cross-Site Scripting (XSS) CVE-2024-51873 WordPress Multi-day Booking Calendar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability