← Back

CVE-2023-3999

nvd nist
Published: Aug 31, 2023Modified: Jun 17, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.

Affected (1)

Products: Plugin: Waiting
1 product
Waiting
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Up to 0.6.2

Timeline

No history available yet.