EUVD-2015-5487

Malware in sbrugna...

WordPress count-per-day plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress count-per-day plugin. An attacker can exploit thi...

CVE-2012-6714

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words...

CVE-2012-6714

The CVE-2012-6714 entry concerns the WordPress plugin Count Per Day, specifically versions before 3.2.3. The vulnerability is a cross-site scripting (XSS) flaw exposed via search words handled by the plugin, enabling injection of client-side script when a user interacts with the search feature. S...

Sql injection

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...

CVE-2015-5533

CVE-2015-5533 affects the WordPress Count Per Day plugin (before 3.4.1). The flaw is an SQL injection in counter-options.php exposed via the cpd_keep_month parameter to wp-admin/options-general.php. It requires at least authenticated administrator privileges, and CSRF may enable remote attackers ...

Wordpress Count-per-day plugin Multiple Vulnerabilities

No description provided by source. Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: 3.1.1 Date: 2011-01-12 Author 6Scan http://6scan.com security team Software Link: http://wordpress.org/extend/plugins/count-per-day/ Official fix: This advisory is released...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

Exploit for php platform in category web applications Because this is my first Vulnerability I ever found by my self, I wrote a PoC script I know that this is overkill and the Vulnerability is trivial to exploit :P The JavaScript Payload is executed when the Admin views Count per Day - Statistics...

WordPress Count per Day Plugin 'note' Parameter Persistent XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

WordPress Count per Day Plugin 3.2.3 - XSS Vulnerability

WordPress Count per Day plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based...