CVE-2025-30841
WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerabilityImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through <= 2.8.8.
We have discovered 34 live websites that are affected by CVE-2025-30841.
Affected Software
| Product |  Countdown Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 34 live websites (4.80% of Countdown Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 11% of all versions) |
Details
- Published - Apr 1, 2025
- Updated - Apr 1, 2026
Credits
- Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-30841 United States | 10 websites |
 Germany | 6 websites |
 France | 4 websites |
 Spain | 3 websites |
 GB | 2 websites |
 Italy | 2 websites |
 Bulgaria | 1 websites |
 Switzerland | 1 websites |
 Nigeria | 1 websites |
 Netherlands | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-30841| .com | 10 websites |
| .de | 5 websites |
| .org | 5 websites |
| .eu | 3 websites |
| .it | 2 websites |
| .ch | 1 websites |
| .edu | 1 websites |
| .es | 1 websites |
| .fr | 1 websites |
| .nl | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-30841
Top websites that are affected by CVE-2025-30841. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.***.ng | Nigeria | *,***,*** | |
| *******.sk |  Slovakia | *,***,*** | |
| *********.com | France | **,***,*** | |
| *****************.it | Italy | **,***,*** | |
| ***************.eu | United States | **,***,*** | |
| ******.org | Bulgaria | **,***,*** | |
| *****************.nl | Netherlands | **,***,*** | |
| *******.****.eu | France | **,***,*** | |
| *******************.org | United States | **,***,*** | |
| *****.de | Germany | **,***,*** |
FAQ
A total of 34 websites have been identified as vulnerable to CVE-2025-30841, based on global website indexing conducted by WebTechSurvey.
The Countdown Builder is affected by the CVE-2025-30841 vulnerability.
Countdown Builder versions up to and including 2.8.8 are vulnerable to CVE-2025-30841.