PT-2022-19595 · Adam Skaat · Countdown & Clock

Re-Alter +1 · Published 2022-05-06 · Updated 2022-05-16 · CVE-2022-29422

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Adam Skaat's Countdown & Clock plugin versions prior to 2.3.3

Description

The plugin contains multiple authenticated persistent cross-site scripting (XSS) vulnerabilities. They can be exploited via several vulnerable parameters, including &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, and &ycd-circle-countdown-after-countdown.

Recommendations

For Adam Skaat's Countdown & Clock plugin versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation. Avoid using the vulnerable parameters in the plugin's configuration until the issue is resolved.
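
Because the flaw is persistent, values saved before the update stay in the site's data afterwards. The following is an added example, not code from the plugin or from this advisory: it audits a dictionary of saved countdown options for the parameters named above. The function name `audit_settings`, the sample data, and the expectation that the width, height and margin fields hold only a CSS length while the before/after fields hold plain text are assumptions inferred from the parameter names; how the options are exported from WordPress is outside its scope.

```python
import re

# Parameter names are the ones listed in the advisory. What each field should
# hold is an assumption inferred from its name, not taken from the plugin.
DIMENSION_PARAMS = {
    "ycd-countdown-width", "ycd-progress-height", "ycd-progress-width",
    "ycd-button-margin-top", "ycd-button-margin-right",
    "ycd-button-margin-bottom", "ycd-button-margin-left",
}
TEXT_PARAMS = {
    "ycd-circle-countdown-before-countdown",
    "ycd-circle-countdown-after-countdown",
}

# A CSS length and nothing else: optional sign, number, optional unit.
DIMENSION_RE = re.compile(r"-?\d+(?:\.\d+)?(?:px|em|rem|%|vh|vw)?")
# Characters that can start markup or close a quoted HTML attribute.
MARKUP_RE = re.compile(r"[<>\"'`]")


def audit_settings(settings):
    """Return the listed parameters whose saved value does not fit its field.

    Strict allowlist: it over-reports (legitimate HTML in a text field is
    flagged too), which suits a review queue rather than automatic cleanup.
    """
    findings = []
    for name, raw in settings.items():
        value = str(raw).strip()
        if name in DIMENSION_PARAMS and value and not DIMENSION_RE.fullmatch(value):
            findings.append(name)
        elif name in TEXT_PARAMS and MARKUP_RE.search(value):
            findings.append(name)
    return sorted(findings)


# Constructed sample of one countdown's saved options (not real plugin data).
SAMPLE = {
    "ycd-countdown-width": "100%",
    "ycd-progress-height": "22px",
    "ycd-progress-width": '300px" data-x="1',  # leaves the attribute value
    "ycd-button-margin-top": "-5",
    "ycd-circle-countdown-before-countdown": "Sale starts in",
    "ycd-circle-countdown-after-countdown": "<b>Sale is live</b>",
    "ycd-unrelated-option": "<i>ignored</i>",  # not in the advisory's list
}

if __name__ == "__main__":
    for name in audit_settings(SAMPLE):
        print("review:", name, "=", repr(SAMPLE[name]))
```
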

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-29422

Affected Products

Countdown & Clock