Haghs

**Name of the Vulnerable Software and Affected Versions** Redirect countdown plugin for WordPress versions prior to 1.1 **Description** The Redirect countdown plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the `countdown settings content()` function. Successful exploitation allows unauthenticated attackers to modify plugin settings, including the countdown timeout, redirect URL, and custom text, by deceiving a site administrator into performing an action. **Recommendations** Update the Redirect countdown plugin to version 1.1 or later.