Cross-Site Scripting Vulnerability in Count Per Day Module for WordPress
CVE-2012-0895

Currently unrated

Key Information:

Vendor: Wordpress
Status: Count Per Day
Vendor: CVE Published:; 20 January 2012

Summary

A Cross-Site Scripting vulnerability exists in the Count Per Day module prior to version 3.1.1 for WordPress. This security flaw allows remote attackers to inject arbitrary web scripts or HTML into web pages via the manipulated map parameter. Exploiting this vulnerability could enable attackers to execute malicious scripts in the context of users' browsers, leading to unauthorized actions or information disclosure. Users of affected versions are advised to upgrade to mitigate the risk associated with this vulnerability.

References

http://wordpress.org/extend/plugins/count-per-day/changelog/

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/18355

exploitx_refsource_EXPLOIT-DB

http://plugins.trac.wordpress.org/changeset/488883/count-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 20, 2012
Vulnerability Reserved
Jan 20, 2012