WordPress Countdown Plugin Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress, affecting all versions up to and including 2.8.9.1. The flaw is in the createCdObj function: unauthenticated attackers can cause files on the server that have specific filenames to be included and executed. Any PHP code in those files then runs, which can be used to bypass access controls, access sensitive information or, in some cases, execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing attackers to execute PHP code on the server. This could be used to bypass access controls, access sensitive data, or achieve remote code execution.

Remediation

Users are advised to update the Countdown, Coming Soon, Maintenance – Countdown & Clock plugin to version 2.9.0 or later.
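
A version check for the remediation above, as an added example (not code from the plugin or from this advisory): it reads the Version field from a plugin main file's header comment and compares it with 2.9.0. The function names and the sample header are constructed for illustration, and the path to the plugin's main file is supplied by the operator.

```python
import re
import sys

FIXED = (2, 9, 0)  # first fixed release named in the advisory

# Header fields sit inside a comment, so allow comment decoration
# (spaces, "*", "/", "#", "@") before "Version:".
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.M | re.I)

def parse_version(text):
    """'2.8.9.1' -> (2, 8, 9, 1)"""
    return tuple(int(part) for part in text.strip().split("."))

def header_version(php_source):
    """Version string from the plugin header, or None if there is none."""
    match = HEADER_RE.search(php_source[:8192])  # WordPress only reads the first 8 KiB
    return match.group(1) if match else None

def is_vulnerable(version_text):
    """True for any release below 2.9.0, including four-part ones like 2.8.9.1."""
    found = parse_version(version_text)
    width = max(len(found), len(FIXED))
    pad = lambda parts: parts + (0,) * (width - len(parts))  # so 2.9 == 2.9.0
    return pad(found) < pad(FIXED)

def audit(php_source):
    """Return (status, version) with status vulnerable, patched or unknown."""
    version = header_version(php_source)
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(version) else "patched", version)

# Constructed sample header, not the plugin's real file.
SAMPLE = """<?php
/**
 * Plugin Name: Sample countdown plugin (constructed)
 * Version: 2.8.9.1
 */
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        source = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        source = SAMPLE
    print(*audit(source))
```

An "unknown" result means no Version header was found in the file given, so the installed version has to be confirmed another way.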

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.6
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.