Absolute Path Traversal Vulnerability in Count Per Day Module for WordPress
CVE-2012-0896

Currently unrated

Key Information:

Vendor: Wordpress
Status: Count Per Day
Vendor: CVE Published:; 20 January 2012

Summary

An absolute path traversal vulnerability exists in the download.php script of the Count Per Day plugin prior to version 3.1.1. This flaw allows remote attackers to exploit the f parameter, enabling them to read arbitrary files on the server. By leveraging this vulnerability, attackers could access sensitive information, which poses threats to the security of WordPress installations utilizing this plugin. It is crucial for site administrators to update to the latest version to mitigate the risk.

References

http://wordpress.org/extend/plugins/count-per-day/changelog/

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/18355

exploitx_refsource_EXPLOIT-DB

http://osvdb.org/78270

vdb-entryx_refsource_OSVDB

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 20, 2012
Vulnerability Reserved
Jan 20, 2012