CVE-2025-2270

Published Apr 4, 2025

Last updated 3 months ago

CVSS high 8.1

Overview

Description
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-2270 🔴 HIGH (8.1) 🏢 adamskaat - Countdown, Coming Soon, Maintenance – Countdown & Clock 🏗️ * 🔗 https://t.co/QzFmhK90Ft 🔗 https://t.co/AFoQiDd1WO #CyberCron #VulnAlert #InfoSec https://t.co/61G8Uu1Lgk

    @cybercronai

    4 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.