CVE-2024-2017

Name of the Vulnerable Software and Affected Versions The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8

Description The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing authenticated attackers with subscriber-level access and above to inject PHP Objects and modify the status of countdowns.

Recommendations For versions up to, and including, 2.7.8, consider disabling the conditionsRow and switchCountdown functions until a patch is available to prevent unauthorized access and PHP Object injection. Restrict access to the plugin's functionality to minimize the risk of exploitation, especially for users with subscriber-level access and above.