What is CVE-2026-12115?

CVE-2026-12115 is a medium-severity vulnerability in Wpcalc Counter Box – Add Countdowns, Timers & Dynamic Counters To Wordpress, classified under Deserialization of Untrusted Data. CVSS score: 6.6/10. Published 2026-06-17.

How severe is CVE-2026-12115?

Medium severity. CVSS v3 base score is 6.6 out of 10.

Deserialization in Wpcalc Counter Box – Add Countdowns, Timers & Dynamic Counters To Wordpress

CVE-2026-12115

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possibl…

Vulnerability class: Insecure Deserialization

CVSS v3 metric

CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Wpcalc Counter Box – Add Countdowns, Timers & Dynamic Counters To Wordpress — versions 0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

Frequently asked questions

What is CVE-2026-12115?: CVE-2026-12115 is a medium-severity vulnerability in Wpcalc Counter Box – Add Countdowns, Timers & Dynamic Counters To Wordpress, classified under Deserialization of Untrusted Data. CVSS score: 6.6/10. Published 2026-06-17.
How severe is CVE-2026-12115?: Medium severity. CVSS v3 base score is 6.6 out of 10.