Count Per Day Project: Security Vulnerabilities
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-21
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-06-15
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVSS Score
7.2
EPSS Score
0.095
Published
2017-10-23
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
CVSS Score
5.0
EPSS Score
0.037
Published
2012-01-20