CVE-2025-24719: WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
Published Jan 24, 2025
·Updated
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through <= 2.7.1.
Affected Software
1 affected component
WpDevArt Widget Countdown<=2.7.1
Remediation
Information
Update the WordPress Widget Countdown wordpress plugin to the latest available version (at least 2.7.2).
Event History
Jan 24, 2025
CVE Published
via MITRE·05:25 PM
Data Sourced
via MITRE·05:25 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·06:15 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2025-24719?
CVE-2025-24719 has a medium severity level due to its ability to allow stored Cross-site Scripting (XSS) attacks.
2
How do I fix CVE-2025-24719?
To fix CVE-2025-24719, update wpdevart Widget Countdown to version 2.7.2 or later.
3
Which versions are affected by CVE-2025-24719?
CVE-2025-24719 affects wpdevart Widget Countdown versions up to and including 2.7.1.
4
What type of vulnerability is CVE-2025-24719?
CVE-2025-24719 is categorized as a Cross-site Scripting (XSS) vulnerability.
5
Is there a workaround for CVE-2025-24719?
There is no specific workaround for CVE-2025-24719; the recommended solution is to update the plugin.