Published: 20/01/2012 Updated: 13/07/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Absolute path traversal vulnerability in download.php in the Count Per Day module prior to 3.1.1 for WordPress allows remote malicious users to read arbitrary files via the f parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
count_per_day_project count_per_day 2.16
count_per_day_project count_per_day 2.15.1
count_per_day_project count_per_day 2.15
count_per_day_project count_per_day 2.2
tom_braider count_per_day
tom_braider count_per_day 1.0

#Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS #Version: < 311 #Date: 2011-01-12 #Author 6Scan (6scancom) security team #Software Link: wordpressorg/extend/plugins/count-per-day/ #Official fix: This advisory is released after the vendor has responded and fixed the issue #Description: User could ...

CWE-22 http://secunia.com/advisories/47529 http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://wordpress.org/extend/plugins/count-per-day/changelog/http://www.exploit-db.com/exploits/18355 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://www.securityfocus.com/bid/51402 http://osvdb.org/78270 https://exchange.xforce.ibmcloud.com/vulnerabilities/72385 https://nvd.nist.gov https://www.exploit-db.com/exploits/18355/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-0896

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect