CVEs-PoC/2021/CVE-2021-25064.md

### [CVE-2021-25064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25064)
![](https://img.shields.io/static/v1?label=Product&message=Wow%20Countdowns%20%E2%80%93%20easily%20create%20any%20countdowns%2C%20counters%20and%20timers&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.1.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brightgreen)

### Description

The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

### POC

#### Reference
- https://wpscan.com/vulnerability/30c70315-3c17-41f0-a12f-7e3f793e259c

#### Github
- https://github.com/20142995/nuclei-templates