CVE-2021-25064: 
WordPress vulnerability analysis and mitigation

The Wow Countdowns WordPress plugin through version 3.1.2 contains an authenticated SQL injection vulnerability identified as CVE-2021-25064. The vulnerability was discovered by researcher 0xdecafbad and was publicly disclosed on March 7, 2022. The affected plugin fails to properly sanitize user input in the 'did' parameter, which can be exploited through SQL injection attacks (WPScan).

The vulnerability exists due to improper sanitization of the 'did' parameter in the plugin's admin interface. The issue is classified as CWE-89 (SQL Injection) and has received a CVSS v3.1 base score of 7.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires high privileges to exploit, but has potential for high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an authenticated attacker to execute arbitrary SQL commands on the underlying database. This could potentially lead to unauthorized access to sensitive data, modification of database contents, and potential disruption of the website's functionality (WPScan).

As of the latest reports, there is no known fix available for this vulnerability. Website administrators running affected versions of the Wow Countdowns plugin should consider either removing the plugin or implementing additional security controls to restrict access to the vulnerable functionality (WPScan).