WP-Safety

Countdown, Coming Soon, Maintenance – Countdown & Clock Security & Risk Analysis

wordpress.org/plugins/countdown-builder

Countdown builder - Customizable Countdown Timer

10K active installs v3.0.8 PHP 5.3+ WP 3.8+ Updated Feb 8, 2026
countdowncountdown-timertimer
65
C · Use Caution
CVEs total10
Unpatched1
Last CVEApr 3, 2025
Download
Safety Verdict

Is Countdown, Coming Soon, Maintenance – Countdown & Clock Safe to Use in 2026?

Use With Caution

Score 65/100

Countdown, Coming Soon, Maintenance – Countdown & Clock has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

10 known CVEs 1 unpatched Last CVE: Apr 3, 2025Updated 1mo ago
Risk Assessment

The "countdown-builder" plugin v3.0.8 exhibits a mixed security posture. On the positive side, the static analysis shows excellent adherence to secure coding practices, with all identified SQL queries utilizing prepared statements, a very high percentage of output escaping, and robust nonce and capability checks on its entry points. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security. However, the vulnerability history is a significant concern. With 10 known CVEs, including one that is currently unpatched, and common vulnerability types such as Path Traversal, Code Injection, and Cross-Site Scripting, this plugin has a history of introducing serious security flaws. The presence of an unpatched CVE, even if not specified by severity in the provided data, suggests a direct and immediate risk to users running this version. While the current static analysis indicates improvements, the historical patterns strongly advise caution.

Key Concerns

  • Unpatched CVE detected
  • History of high severity vulnerabilities (2 high CVEs)
  • History of medium severity vulnerabilities (7 medium CVEs)
  • History of low severity vulnerabilities (1 low CVE)
  • Taint analysis shows unsanitized paths
  • Bundled library Select2 potentially outdated
  • Bundled library TinyMCE potentially outdated
Vulnerabilities
10

Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

CVEs by Year

6 CVEs in 2022
2022
2 CVEs in 2024 · unpatched
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2
Medium
7
Low
1

10 total CVEs

CVE-2025-2270high · 8.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion

Apr 3, 2025 Patched in 2.9.0 (1d)
CVE-2025-30841high · 8.8Improper Control of Generation of Code ('Code Injection')

Countdown & Clock <= 2.8.8 - Authenticated (Contributor+) Remote Code Execution

Apr 1, 2025 Patched in 2.8.9 (10d)
CVE-2024-50516medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 28, 2024Unpatched
CVE-2024-2017medium · 5.4Missing Authorization

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

Jun 5, 2024 Patched in 2.7.8.1 (1d)
WF-cfec9303-bdc5-4ba7-90dd-0c7559459d23-countdown-buildermedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.9.5 - Authenticated Cross-Site Scripting

May 25, 2022 Patched in 2.3.9.6 (608d)
CVE-2022-29423low · 3.8Improper Authentication

Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass

Apr 28, 2022 Patched in 2.3.3 (634d)
CVE-2022-29422medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.2 - Cross-Site Scripting

Apr 28, 2022 Patched in 2.3.3 (634d)
CVE-2022-29421medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown & Clock <= 2.3.2 - Reflected Cross-Site Scripting

Apr 28, 2022 Patched in 2.3.3 (634d)
CVE-2022-29420medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 28, 2022 Patched in 2.3.3 (634d)
CVE-2022-0601medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown & Clock <= 2.2.8 - Reflected Cross-Site Scripting

Feb 21, 2022 Patched in 2.2.9 (701d)
Code Analysis
Analyzed Mar 16, 2026

Countdown, Coming Soon, Maintenance – Countdown & Clock Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
15
633 escaped
Nonce Checks
8
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
2

Bundled Libraries

Select2TinyMCE

SQL Query Safety

100% prepared8 total queries

Output Escaping

98% escaped648 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
duplicatePostSave (classes\Actions.php:51)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Countdown, Coming Soon, Maintenance – Countdown & Clock Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 6

authwp_ajax_ycd-switchclasses\Ajax.php:13
authwp_ajax_ycd_dont_show_review_noticeclasses\Ajax.php:16
authwp_ajax_ycd_change_review_show_periodclasses\Ajax.php:17
authwp_ajax_ycd_select2_search_dataclasses\Ajax.php:20
authwp_ajax_ycd_edit_conditions_rowclasses\Ajax.php:21
authwp_ajax_ycd_add_conditions_rowclasses\Ajax.php:22

Shortcodes 1

[ycd_countdown] classes\Actions.php:28
WordPress Hooks 74
actionadmin_initclasses\Actions.php:24
actioninitclasses\Actions.php:25
actionadmin_menuclasses\Actions.php:26
actionsave_postclasses\Actions.php:27
actionadd_meta_boxesclasses\Actions.php:30
actionwidgets_initclasses\Actions.php:31
actionmedia_buttonsclasses\Actions.php:32
actionadmin_post_ycdSaveSettingsclasses\Actions.php:33
actionadmin_post_ycdComingSoonclasses\Actions.php:34
actionwp_headclasses\Actions.php:35
actionadmin_headclasses\Actions.php:36
actionwp_enqueue_scriptsclasses\Actions.php:37
filtermce_external_pluginsclasses\Actions.php:38
actionadmin_menuclasses\Actions.php:39
actionadmin_action_ycd_duplicate_post_as_draftclasses\Actions.php:40
filterpll_get_post_typesclasses\Actions.php:41
actionadmin_noticesclasses\Actions.php:249
actionnetwork_admin_noticesclasses\Actions.php:250
actionuser_admin_noticesclasses\Actions.php:251
actionadd_meta_boxesclasses\countdown\CircleCountdown.php:15
actionycdGeneralMetaboxesclasses\countdown\CircleCountdown.php:16
filterycdCountdownDefaultOptionsclasses\countdown\CircleCountdown.php:17
filterthe_contentclasses\countdown\CircleCountdown.php:199
filterycdGeneralMetaboxesclasses\countdown\Clock1Countdown.php:9
actionadd_meta_boxesclasses\countdown\Clock1Countdown.php:10
filterycdCountdownDefaultOptionsclasses\countdown\Clock1Countdown.php:11
filterthe_contentclasses\countdown\Clock1Countdown.php:26
filterycdGeneralMetaboxesclasses\countdown\Clock2Countdown.php:9
actionadd_meta_boxesclasses\countdown\Clock2Countdown.php:10
filterycdCountdownDefaultOptionsclasses\countdown\Clock2Countdown.php:11
filterthe_contentclasses\countdown\Clock2Countdown.php:26
filterycdGeneralMetaboxesclasses\countdown\Clock3Countdown.php:9
actionadd_meta_boxesclasses\countdown\Clock3Countdown.php:10
filterycdCountdownDefaultOptionsclasses\countdown\Clock3Countdown.php:11
filterthe_contentclasses\countdown\Clock3Countdown.php:26
filterYcdComingSoonPageHeaderclasses\countdown\ComingSoon.php:8
filterYcdComingSoonPageMessageclasses\countdown\ComingSoon.php:9
filterYcdComingSoonPageTitleclasses\countdown\ComingSoon.php:10
filterYcdComingSoonPageHeaderContentclasses\countdown\ComingSoon.php:11
actionadd_meta_boxesclasses\countdown\MoneycounterCountdown.php:8
filterycdGeneralMetaboxesclasses\countdown\SimpleCountdown.php:35
actionadd_meta_boxesclasses\countdown\SimpleCountdown.php:36
filterycdCountdownDefaultOptionsclasses\countdown\SimpleCountdown.php:37
filterthe_contentclasses\countdown\SimpleCountdown.php:278
actionadd_meta_boxesclasses\countdown\StickyCountdown.php:8
filterycdCountdownDefaultOptionsclasses\countdown\StickyCountdown.php:9
actionycdGeneralMetaboxesclasses\countdown\StickyCountdown.php:10
filterycdGeneralMetaboxesclasses\countdown\TimerCountdown.php:19
actionadd_meta_boxesclasses\countdown\TimerCountdown.php:20
filterycdCountdownDefaultOptionsclasses\countdown\TimerCountdown.php:21
filterthe_contentclasses\countdown\TimerCountdown.php:34
filteradmin_urlclasses\Filters.php:11
filterycdDefaultsclasses\Filters.php:13
filterpost_updated_messagesclasses\Filters.php:14
filtercron_schedulesclasses\Filters.php:15
filterycdConditionsDisplayKeysclasses\Filters.php:18
filterycdConditionsDisplayAttributesclasses\Filters.php:19
actiontemplate_redirectclasses\Filters.php:20
filterYcdComingSoonPageBeforeHeaderclasses\Filters.php:22
filterYcdComingSoonPageHeaderclasses\Filters.php:23
filterYcdComingSoonPageAfterHeaderclasses\Filters.php:24
filterYcdComingSoonPageBeforeMessageclasses\Filters.php:25
filterYcdComingSoonPageMessageclasses\Filters.php:26
filterYcdComingSoonPageAfterMessageclasses\Filters.php:27
filterupgrader_pre_downloadclasses\Filters.php:28
filterpost_row_actionsclasses\Filters.php:29
filterycdGeneralArgsclasses\Filters.php:30
filterycdCountdownContentclasses\Filters.php:31
filterycdGroupsLostclasses\Filters.php:33
filterwp_unique_filenameclasses\Filters.php:71
actionwp_headclasses\IncludeManager.php:76
filterycdPostTypeSupportclasses\RegisterPostType.php:51
actionadmin_footerclasses\Tickbox.php:22
actionadmin_initCountdownInit.php:30
Maintenance & Trust

Countdown, Coming Soon, Maintenance – Countdown & Clock Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 8, 2026
PHP min version5.3
Downloads1.1M

Community Trust

Rating94/100
Number of ratings181
Active installs10K
Alternatives

Countdown, Coming Soon, Maintenance – Countdown & Clock Alternatives

Countdown Timer Ultimate

Countdown Timer Ultimate

countdown-timer-ultimate

A
100

A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.

20K No CVEs
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

hurrytimer

A
95

Create unlimited urgency and scarcity countdown timers for WordPress and WooCommerce to boost conversions and sales instantly.

20K 5 CVEs
Countdown Timer – Widget Countdown

Countdown Timer – Widget Countdown

widget-countdown

A
96

Countdown timer plugin is an nice tool to create and insert timers into your posts/pages and widgets.

10K 3 CVEs
Coming Soon & Maintenance Mode by Colorlib

Coming Soon & Maintenance Mode by Colorlib

colorlib-coming-soon-maintenance

A
99

Create a coming soon page or maintenance mode screen with 15 responsive templates, countdown timer, MailChimp subscribe form, and social media links.

7K 2 CVEs
HashBar – Announcement, Notification Bar & Popup Campaign

HashBar – Announcement, Notification Bar & Popup Campaign

hashbar-wp-notification-bar

A
99

Create Announcement Bars, Notification Bars & Popup Campaigns with countdown timers, A/B testing, smart targeting & analytics.

7K 2 CVEs
Developer Profile

Countdown, Coming Soon, Maintenance – Countdown & Clock Developer Profile

adamskaat

2 plugins · 10K total installs

62
trust score
Avg Security Score
75/100
Avg Patch Time
429 days
View full developer profile
Detection Fingerprints

How We Detect Countdown, Coming Soon, Maintenance – Countdown & Clock

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/countdown-builder/assets/css/admin/admin-style.css/wp-content/plugins/countdown-builder/assets/css/admin/ycd-tinymce-plugin.css/wp-content/plugins/countdown-builder/assets/css/cd-styles.css/wp-content/plugins/countdown-builder/assets/css/cd-responsive.css/wp-content/plugins/countdown-builder/assets/css/cd-custom-styles.css/wp-content/plugins/countdown-builder/assets/js/admin/ycd-tinymce-plugin.js/wp-content/plugins/countdown-builder/assets/js/admin/countdown-builder-admin.js/wp-content/plugins/countdown-builder/assets/js/jquery.countdown.min.js+1 more
Script Paths
/wp-content/plugins/countdown-builder/assets/js/admin/ycd-tinymce-plugin.js
Version Parameters
countdown-builder/assets/css/admin/admin-style.css?ver=countdown-builder/assets/css/admin/ycd-tinymce-plugin.css?ver=countdown-builder/assets/css/cd-styles.css?ver=countdown-builder/assets/css/cd-responsive.css?ver=countdown-builder/assets/css/cd-custom-styles.css?ver=countdown-builder/assets/js/admin/ycd-tinymce-plugin.js?ver=countdown-builder/assets/js/admin/countdown-builder-admin.js?ver=countdown-builder/assets/js/jquery.countdown.min.js?ver=countdown-builder/assets/js/countdown-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
ycd-countdown-builderycd-countdown-contentycd-countdown-wrapperycd-countdown-elementycd-countdown-item
HTML Comments
<!-- If this file is called directly, abort. --><!-- Start: YCD Countdown Builder --><!-- End: YCD Countdown Builder --><!-- Countdown Builder Admin Options -->+1 more
Data Attributes
data-plugin-name="countdown-builder"data-plugin-version="3.0.8"
JS Globals
YCD_COUNTDOWN_POST_TYPEYCD_TEXT_DOMAINYCD_COUNTDOWN_PRO_URLYCD_FREE_VERSIONYCD_PKG_VERSIONtickbox+1 more
Shortcode Output
[ycd_countdown
FAQ

Frequently Asked Questions about Countdown, Coming Soon, Maintenance – Countdown & Clock