{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12668", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-03T21:32:15.302Z", "datePublished": "2025-11-11T03:30:48.513Z", "dateUpdated": "2026-04-08T17:18:47.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:47.751Z"}, "affected": [{"vendor": "sitedin", "product": "WP Count Down Timer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_countdown_timer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcbcad73-ce2a-4eb2-9b7f-91d47a93e16d?source=cve"}, {"url": "https://wordpress.org/plugins/wp-count-down-timer/"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-count-down-timer/tags/1.0.1/wp-count-down-timer.php#L69"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "zakaria"}], "timeline": [{"time": "2025-11-10T15:08:07.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-14T15:21:03.261569Z", "id": "CVE-2025-12668", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T15:30:31.321Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-14T15:21:03.261569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T15:21:03.870Z"}}], "cna": {"title": "WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "zakaria"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "sitedin", "product": "WP Count Down Timer", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-10T15:08:07.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcbcad73-ce2a-4eb2-9b7f-91d47a93e16d?source=cve"}, {"url": "https://wordpress.org/plugins/wp-count-down-timer/"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-count-down-timer/tags/1.0.1/wp-count-down-timer.php#L69"}], "descriptions": [{"lang": "en", "value": "The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_countdown_timer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-11T03:30:48.513Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12668", "state": "PUBLISHED", "dateUpdated": "2025-11-14T15:30:31.321Z", "dateReserved": "2025-11-03T21:32:15.302Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-11T03:30:48.513Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_countdown_timer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-12668", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-11T04:15:49.420", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-count-down-timer/tags/1.0.1/wp-count-down-timer.php#L69"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-count-down-timer/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcbcad73-ce2a-4eb2-9b7f-91d47a93e16d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:44:23.364670+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest WP Count Down Timer plugin version if one is available. ", "Restrict Contributor and higher role access on the site to prevent injection of malicious scripts. ", "Remove or disable the WP Count Down Timer plugin if it is not required for site functionality."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All WordPress sites running WP Count Down Timer version 1.0.1 or earlier are affected. The plugin is distributed by sitedin under the name WP Count Down Timer.", "description_and_impact": "The WP Count Down Timer plugin is vulnerable to stored cross\u2011site scripting through several parameters of its shortcode, allowing an authenticated user with Contributor or higher access to inject arbitrary scripts. Such injected scripts will execute whenever the affected page is viewed, potentially compromising the confidentiality and integrity of the site and any users who view the page. The weakness stems from insufficient input sanitization and output escaping.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity. The EPSS score of less than 1% shows that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The attack requires authenticated access at the Contributor level or higher, but once the script is stored, it will affect any user who visits the injected page."}}}}, "created": "2025-11-12T12:42:58.574101+00:00", "updated": "2026-04-21T01:45:24.450005+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}