Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Xu-Liang Liao in WordPress Countdown and CountUp, WooCommerce Sales Timer plugin (versions <= 1.5.7).
Update the WordPress Countdown and CountUp, WooCommerce Sales Timer plugin to the latest available version (at least 1.5.8).