{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2270", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-12T23:49:19.036Z", "datePublished": "2025-04-04T05:22:46.133Z", "dateUpdated": "2026-04-08T17:20:05.019Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:05.019Z"}, "affected": [{"vendor": "adamskaat", "product": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.8.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases."}], "title": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2260d6b-1a41-4757-a063-8b8857ef416a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/RegisterPostType.php#L116"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-03-07T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-04-03T16:22:47.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T13:06:20.862819Z", "id": "CVE-2025-2270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T13:07:41.132Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-04T13:06:20.862819Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T13:07:34.529Z"}}], "cna": {"title": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "adamskaat", "product": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.8.9.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-07T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-04-03T16:22:47.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2260d6b-1a41-4757-a063-8b8857ef416a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/RegisterPostType.php#L116"}], "descriptions": [{"lang": "en", "value": "The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-04T05:22:46.133Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2270", "state": "PUBLISHED", "dateUpdated": "2025-04-04T13:07:41.132Z", "dateReserved": "2025-03-12T23:49:19.036Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-04T05:22:46.133Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases."}, {"lang": "es", "value": "El complemento Countdown, Coming Soon, Maintenance \u2013 Countdown &amp; Clock para WordPress es vulnerable a la inclusi\u00f3n local de archivos en todas las versiones hasta la 2.8.9.1 incluida, mediante la funci\u00f3n createCdObj. Esto permite a atacantes no autenticados incluir y ejecutar archivos con nombres espec\u00edficos en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en dichos archivos. Esto puede utilizarse para eludir los controles de acceso, obtener datos confidenciales o, en algunos casos, lograr la ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2025-2270", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-04T06:15:40.540", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/RegisterPostType.php#L116"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2260d6b-1a41-4757-a063-8b8857ef416a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:23:51.992032+00:00", "value": {"mitigation_remediation": ["Update the plugin to a version newer than 2.8.9.1 that removes the LFI entry point.", "If an update is not immediately possible, disable or delete the plugin to eliminate the vulnerable functionality.", "Ensure that filesystem permissions for directories that could be targeted by the LFI are read\u2011only or otherwise restricted so that even if inclusion is triggered, no executable code can run."], "summary": {"action": "Immediate Patch", "impact": "Local File Inclusion with unauthenticated access can lead to code execution and data exposure"}, "threat_synthesis": {"affected_systems": "Any WordPress site using the Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin version 2.8.9.1 or earlier is affected. The plugin is distributed by adamskaat; all releases up to and including 2.8.9.1 contain the vulnerability. Newer releases should be verified for a fix.", "description_and_impact": "The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin contains a Local File Inclusion flaw in the createCdObj function. Unauthenticated users can supply a path to an existing file on the server, causing the plugin to read and execute that file as PHP code. This gives the attacker the ability to run arbitrary PHP, bypass access controls, extract sensitive data, or establish persistence. The flaw is classified as CWE\u201122.", "risk_and_exploitability": "The CVSS score is 8.1, indicating a high severity. The EPSS score is below 1\u202f%, suggesting a low probability of current exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely a request that manipulates the createCdObj function\u2019s input to include a file on the server, enabling unauthenticated remote code execution. Without remediation, the risk remains significant."}}}}, "created": "2026-04-20T23:30:16.120492+00:00", "updated": "2026-04-20T23:30:16.120504+00:00", "vendors": []}