Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
WooCommerce Sales Countdown Timer Allows Attackers to Access Local Files
CVE-2026-27052
Summary
A vulnerability in the Sales Countdown Timer plugin for WooCommerce and WordPress allows attackers to access and potentially read sensitive files on the website. This could potentially allow unauthorized access to sensitive information. Update the plugin to version 1.1.9 or later to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-co...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1.
nvd CVSS3.1
7.5
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026