CVE-2024-13113

CVE-2024-13113: Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS

Vendor Unknown
Product Countdown Timer for Elementor
Published February 26, 2025
Last update February 26, 2025

CVSS base score

What the vulnerability does

01Description

The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

February 26, 2025 CVE published
February 26, 2025 Record updated