Wow-company Counter Box — known CVE vulnerabilities
Every CVE whose affected-product data names Wow-company Counter Box, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-2245 — CVSS 8.8 (high): The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers…
CVE-2022-29446 — CVSS 6.8 (medium): Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at…
CVE-2023-2362 — CVSS 6.1 (medium): The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5…
CVE-2024-3481 — CVSS 5.2 (medium): The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in…
CVE-2024-13901 — CVSS 4.4 (medium): The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored…