CVE-2021-34636

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the Countdown and CountUp WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions without their consent. Attackers can inject arbitrary web scripts through the save_theme function, potentially compromising WordPress sites. All WordPress installations running version 1.5.7 or earlier of this plugin are affected.

💻 Affected Systems

Products:
  • Countdown and CountUp, WooCommerce Sales Timers WordPress plugin
Versions: Up to and including 1.5.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. Attack requires tricking authenticated admin users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site takeover through privilege escalation, data theft, or malware injection leading to widespread compromise of all site visitors.

🟠 Likely Case: Unauthorized theme modifications, script injection leading to defacement, cookie theft, or redirection to malicious sites.

🟢 If Mitigated: No impact if proper CSRF protections are implemented and users follow security best practices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated admin users. CSRF attacks are well-understood and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.8 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Countdown and CountUp, WooCommerce Sales Timers'.
4. Click 'Update Now' if available, or delete and reinstall the latest version.
5. Verify the version is 1.5.8 or higher.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily disable the plugin until the patched version is available:

  wp plugin deactivate countdown-wpdevart-extended

Implement CSRF protection middleware (applies to: all)

Add WordPress nonce verification to all admin actions.
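The nonce-verification workaround above, shown as an added illustration rather than the plugin's own code: a hypothetical WordPress admin-post handler that saves a "theme" setting, first in the unprotected shape that a CSRF page can drive on an administrator's behalf, then hardened with the nonce check, a capability check and input/output escaping. The function names, the option key and the `wpdevart_demo_*` hook names are assumptions for the example; `check_admin_referer`, `check_ajax_referer`, `wp_nonce_field`, `current_user_can` and the sanitising/escaping helpers are standard WordPress core functions.

```php
<?php
// Added example (not code from the plugin or the advisory): a hypothetical
// settings handler shown without and with CSRF (nonce) protection.
// Names such as 'wpdevart_demo_save_theme' and the option key are assumptions.

// --- Unprotected pattern, kept unhooked and shown only for comparison.
// No nonce, no capability check, no sanitisation: any page an admin visits
// can submit this form for them, and the value is stored verbatim.
function wpdevart_demo_save_theme_unsafe() {
    update_option( 'wpdevart_demo_theme', $_POST['theme'] ?? '' );
    wp_safe_redirect( admin_url( 'admin.php?page=wpdevart-demo' ) );
    exit;
}

// --- Hardened pattern for an admin-post.php form handler.
function wpdevart_demo_save_theme() {
    // 1. CSRF: the request must carry a nonce bound to this action and the
    //    current user session. check_admin_referer() dies with HTTP 403 when
    //    the nonce is missing or invalid, so a cross-site submission stops here.
    check_admin_referer( 'wpdevart_demo_save_theme', '_wpnonce' );

    // 2. Authorisation: a nonce proves intent, not permission, so still
    //    require the capability that should govern plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wpdevart-demo' ), '', array( 'response' => 403 ) );
    }

    // 3. Input handling: strip tags so script markup never reaches the DB.
    $theme = sanitize_text_field( wp_unslash( $_POST['theme'] ?? '' ) );
    update_option( 'wpdevart_demo_theme', $theme );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=wpdevart-demo' ) ) );
    exit;
}
add_action( 'admin_post_wpdevart_demo_save_theme', 'wpdevart_demo_save_theme' );

// The settings form must emit the matching nonce; wp_nonce_field() writes the
// hidden _wpnonce and _wp_http_referer inputs that check_admin_referer() reads.
function wpdevart_demo_render_form() {
    $current = get_option( 'wpdevart_demo_theme', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wpdevart_demo_save_theme">
        <?php wp_nonce_field( 'wpdevart_demo_save_theme', '_wpnonce' ); ?>
        <label>Theme
            <!-- 4. Output escaping: the stored value is escaped on the way out as well. -->
            <input type="text" name="theme" value="<?php echo esc_attr( $current ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// --- Equivalent checks for an admin-ajax.php endpoint (the advisory's
// save_theme action is of this kind). check_ajax_referer() rejects a bad or
// missing nonce before any state changes.
function wpdevart_demo_ajax_save_theme() {
    check_ajax_referer( 'wpdevart_demo_save_theme', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $theme = sanitize_text_field( wp_unslash( $_POST['theme'] ?? '' ) );
    update_option( 'wpdevart_demo_theme', $theme );
    wp_send_json_success( array( 'theme' => $theme ) );
}
add_action( 'wp_ajax_wpdevart_demo_save_theme', 'wpdevart_demo_ajax_save_theme' );
```

The nonce alone is not sufficient: it ties the request to a user session and an action name, but it says nothing about whether that user should be allowed to change plugin settings, which is why the capability check stays in place alongside it. Rejected nonce checks are also the natural source for the "failed nonce verification" log indicator listed under Detection & Monitoring, if the site logs those 403 responses.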

🧯 If You Can't Patch

  • Restrict admin access to trusted networks only
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Countdown and CountUp plugin version. If version is 1.5.7 or lower, you are vulnerable.

Check Version:

wp plugin get countdown-wpdevart-extended --field=version

Verify Fix Applied:

Verify plugin version is 1.5.8 or higher in WordPress admin panel. Check that nonce verification is present in ~/includes/admin/coundown_theme_page.php.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with save_theme action
  • Multiple failed nonce verification attempts

Network Indicators:

  • CSRF attack patterns in web traffic
  • Unexpected theme modification requests

SIEM Query:

source="wordpress" action="save_theme" AND NOT nonce_verified="true"
