CVE-2026-1390

Name of the Vulnerable Software and Affected Versions Redirect countdown plugin for WordPress versions prior to 1.1

Description The Redirect countdown plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the countdown settings content() function. Successful exploitation allows unauthenticated attackers to modify plugin settings, including the countdown timeout, redirect URL, and custom text, by deceiving a site administrator into performing an action.

Recommendations Update the Redirect countdown plugin to version 1.1 or later.