Absolute Path Traversal Vulnerability in Count Per Day Module for WordPress
CVE-2012-0896

Currently unrated

Key Information:

Vendor

Wordpress
Status
Count Per Day
Vendor
CVE Published:
20 January 2012

What is CVE-2012-0896?

An absolute path traversal vulnerability exists in the download.php script of the Count Per Day plugin prior to version 3.1.1. This flaw allows remote attackers to exploit the f parameter, enabling them to read arbitrary files on the server. By leveraging this vulnerability, attackers could access sensitive information, which poses threats to the security of WordPress installations utilizing this plugin. It is crucial for site administrators to update to the latest version to mitigate the risk.

References

http://wordpress.org/extend/plugins/count-per-day/changelog/
x_refsource_CONFIRM
http://www.exploit-db.com/exploits/18355
exploitx_refsource_EXPLOIT-DB
http://osvdb.org/78270
vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.