Countdown and CountUp, WooCommerce Sales Timer Security & Risk Analysis

wordpress.org/plugins/countdown-wpdevart-extended

WordPress Countdown and CountUp, WooCommerce Sales Timer plugin is a great tool. You can easily create countdown and countup timers for WordPress your …

300 active installs · v1.9.0 · PHP + · WP 3.4.0+ · Updated Feb 2, 2026
Tags: countdown, countdown-timer, countdown-widget, woocommerce-countdown, woocommerce-sales-countdown
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Nov 7, 2023
Safety Verdict

Is Countdown and CountUp, WooCommerce Sales Timer Safe to Use in 2026?

Generally Safe

Score 99/100

Countdown and CountUp, WooCommerce Sales Timer has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Nov 7, 2023 · Updated 3mo ago
Risk Assessment

The "countdown-wpdevart-extended" v1.9.0 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping (94% properly escaped) and a majority of its SQL queries use prepared statements (55%), several critical security concerns remain. The presence of two unprotected AJAX handlers significantly increases the attack surface, as these entry points could be exploited without proper authentication. Furthermore, the plugin has a history of known vulnerabilities, including a high-severity cross-site scripting (XSS) and a medium-severity cross-site request forgery (CSRF) vulnerability, the latter being relatively recent. Although there are no currently unpatched CVEs, this history suggests a pattern of potential security weaknesses that require diligent attention.

Key Concerns

  • Unprotected AJAX handlers found
  • History of high and medium severity CVEs
  • SQL queries not using prepared statements
  • Flows with unsanitized paths found
Vulnerabilities
2 published

Countdown and CountUp, WooCommerce Sales Timer Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2023-47533 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Nov 7, 2023 · Patched in 1.8.3 (405d)

CVE-2021-34636 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Sep 27, 2021 · Patched in 1.5.8 (847d)
Version History

Countdown and CountUp, WooCommerce Sales Timer Release Timeline

  • v1.9.0 (Current)
  • v1.8.9
  • v1.8.8
  • v1.8.7
  • v1.8.6
  • v1.8.5
  • v1.8.4
  • v1.8.3
  • v1.8.2 (1 CVE)
  • v1.8.1 (1 CVE)
  • v1.8.0 (1 CVE)
  • v1.7.9 (1 CVE)
  • v1.7.8 (1 CVE)
  • v1.7.7 (1 CVE)
  • v1.7.6 (1 CVE)
  • v1.7.5 (1 CVE)
  • v1.7.4 (1 CVE)
  • v1.7.3 (1 CVE)
  • v1.7.2 (1 CVE)
  • v1.7.1 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

Countdown and CountUp, WooCommerce Sales Timer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 15 (18 prepared)
  • Unescaped Output: 21 (331 escaped)
  • Nonce Checks: 8
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

55% prepared · 33 total queries

Output Escaping

94% escaped · 352 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
controller_page (includes\admin\coundown_theme_page.php:778)
Attack Surface
2 unprotected

Countdown and CountUp, WooCommerce Sales Timer Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_wpda_contdown_extend_post_page_content · includes\admin\admin.php:17
  • auth · wp_ajax_countdown_extended_popup_page_save · includes\admin\admin.php:18

Shortcodes 1

  • [wpda_contdown_extend] · includes\frontend\front_end.php:13

WordPress Hooks 12

  • action · admin_menu · includes\admin\admin.php:13
  • filter · mce_external_plugins · includes\admin\admin.php:15
  • filter · mce_buttons · includes\admin\admin.php:16
  • action · add_meta_boxes · includes\admin\admin.php:31
  • action · save_post_product · includes\admin\admin.php:32
  • filter · woocommerce_get_settings_pages · includes\admin\admin.php:34
  • action · init · includes\admin\gutenberg\gutenberg.php:11
  • filter · wp_head · includes\frontend\front_end.php:12
  • filter · woocommerce_single_product_summary · includes\frontend\front_end.php:27
  • action · init · wpdevart_countdown_extended.php:56
  • action · init · wpdevart_countdown_extended.php:57
  • action · widgets_init · wpdevart_countdown_extended.php:59
Maintenance & Trust

Countdown and CountUp, WooCommerce Sales Timer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version
Downloads: 48K

Community Trust

Rating: 78/100
Number of ratings: 14
Active installs: 300
Developer Profile

Countdown and CountUp, WooCommerce Sales Timer Developer Profile

wpdevart

45 plugins · 52K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 581 days
Detection Fingerprints

How We Detect Countdown and CountUp, WooCommerce Sales Timer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/css/font-awesome.min.css
  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/gutenberg/style.css
  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/css/jquery-ui-style.css
  • /wp-content/plugins/countdown-wpdevart-extended/includes/frontend/js/popup.js
  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/js/date-time-picker/jquery-ui-timepicker-addon.css
  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/js/date-time-picker/jquery-ui-timepicker-addon.js
  • /wp-content/plugins/countdown-wpdevart-extended/includes/admin/gutenberg/block.js

Script Paths

  • wpdevart_countdown_extended_popup_front
  • jquery-ui-date-time-picker-js
  • wpda_countdown_extended_gutenberg_js

HTML / DOM Fingerprints

CSS Classes
wpda_countdown_extended_widget