CVE-2024-10669

Name of the Vulnerable Software and Affected Versions Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4

Description The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via the ctb shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Recommendations For versions up to, and including, 1.2.4, update to version 1.2.5 immediately to mitigate risks. As a temporary workaround, consider restricting access to the ctb shortcode until a patch is available. Restrict access to password protected, private, or draft posts to minimize the risk of exploitation.