4 matches found
CVE-2013-7472
The CVE-2013-7472 issue affects the WordPress Count per Day plugin prior to version 3.2.6, where an XSS vulnerability can be triggered via the daytoshow parameter in wp-admin/?page=cpd_metaboxes. Impact details in connected records indicate cross-site scripting without authentication and with use...
CVE-2012-0896
CVE-2012-0896 affects the WordPress Count Per Day plugin, via download.php the f parameter allows absolute path traversal to read arbitrary files. The issue is in Count Per Day
CVE-2015-5533
CVE-2015-5533 affects the WordPress Count Per Day plugin (before 3.4.1). The flaw is an SQL injection in counter-options.php exposed via the cpd_keep_month parameter to wp-admin/options-general.php. It requires at least authenticated administrator privileges, and CSRF may enable remote attackers ...
CVE-2012-6714
The CVE-2012-6714 entry concerns the WordPress plugin Count Per Day, specifically versions before 3.2.3. The vulnerability is a cross-site scripting (XSS) flaw exposed via search words handled by the plugin, enabling injection of client-side script when a user interacts with the search feature. S...