CVE-2026-1654

Name of the Vulnerable Software and Affected Versions Peter's Date Countdown plugin for WordPress versions prior to 2.0.1

Description The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the $ SERVER['PHP SELF'] parameter.

Recommendations Update the Peter's Date Countdown plugin to version 2.0.1 or later.