Vulnerabilites related to tom_braider - count_per_day
CVE-2012-0896 (GCVE-0-2012-0896)
Vulnerability from cvelistv5
Published
2012-01-20 17:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://wordpress.org/extend/plugins/count-per-day/changelog/ | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18355 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/78270 | vdb-entry, x_refsource_OSVDB | |
| http://plugins.trac.wordpress.org/changeset/488883/count-per-day | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47529 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72385 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51402 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51402"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51402"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/count-per-day/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"refsource": "OSVDB",
"url": "http://osvdb.org/78270"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"name": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51402"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0896",
"datePublished": "2012-01-20T17:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3434 (GCVE-0-2012-3434)
Vulnerability from cvelistv5
Published
2012-08-15 21:00
Modified
2024-09-16 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt | x_refsource_MISC | |
| http://secunia.com/advisories/49692 | third-party-advisory, x_refsource_SECUNIA | |
| http://plugins.trac.wordpress.org/changeset/571926/count-per-day | x_refsource_CONFIRM | |
| http://www.osvdb.org/83491 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/07/27/2 | mailing-list, x_refsource_MLIST | |
| http://www.tomsdimension.de/wp-plugins/count-per-day | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/07/24/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-15T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49692"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"name": "http://www.tomsdimension.de/wp-plugins/count-per-day",
"refsource": "CONFIRM",
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3434",
"datePublished": "2012-08-15T21:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:05:49.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0895 (GCVE-0-2012-0895)
Vulnerability from cvelistv5
Published
2012-01-20 17:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://wordpress.org/extend/plugins/count-per-day/changelog/ | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18355 | exploit, x_refsource_EXPLOIT-DB | |
| http://plugins.trac.wordpress.org/changeset/488883/count-per-day | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47529 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/78271 | vdb-entry, x_refsource_OSVDB | |
| http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51402 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72384 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78271"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78271"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/count-per-day/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"refsource": "OSVDB",
"url": "http://osvdb.org/78271"
},
{
"name": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0895",
"datePublished": "2012-01-20T17:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-08-15 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tom_braider | count_per_day | * | |
| tom_braider | count_per_day | 1.0 | |
| wordpress | wordpress | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD13C64-FEE8-42D2-AC90-E09661736185",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE88945-2338-4CF0-84E1-CA70A20EBFE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en userperspan.php en el m\u00f3dulo (Count Per Day) anterior a v3.2 para Wordpress permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de (1) una p\u00e1gina, (2) el par\u00e1metro (datemin) o (3) el par\u00e1metro (datemax)."
}
],
"id": "CVE-2012-3434",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-15T21:55:03.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49692"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/83491"
},
{
"source": "secalert@redhat.com",
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/83491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-20 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tom_braider | count_per_day | * | |
| tom_braider | count_per_day | 1.0 | |
| wordpress | wordpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD13C64-FEE8-42D2-AC90-E09661736185",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE88945-2338-4CF0-84E1-CA70A20EBFE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el map/map.php en el m\u00f3dulo \"Count Per Day\" de Wordpress antes de su versi\u00f3n v3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \u0027map\u0027."
}
],
"id": "CVE-2012-0895",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-20T17:55:01.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/78271"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"source": "cve@mitre.org",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47529"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/78271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-20 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| count_per_day_project | count_per_day | 2.2 | |
| count_per_day_project | count_per_day | 2.15 | |
| count_per_day_project | count_per_day | 2.15.1 | |
| count_per_day_project | count_per_day | 2.16 | |
| tom_braider | count_per_day | * | |
| tom_braider | count_per_day | 1.0 | |
| wordpress | wordpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16CC92E8-64E4-4674-9391-4DD618F5EB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:count_per_day_project:count_per_day:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D50D9D0D-EB1E-4D55-A09B-5B6955EF1092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:count_per_day_project:count_per_day:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3648C4CE-A68F-4ED9-99BB-C0EA0E3F86A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:count_per_day_project:count_per_day:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC1ADA-9CF9-4354-B843-B7451460675D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD13C64-FEE8-42D2-AC90-E09661736185",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tom_braider:count_per_day:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE88945-2338-4CF0-84E1-CA70A20EBFE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio abosluto en download.php en el modulo de Wordpress llamado \"Count Per Day\" antes de su versi\u00f3n v3.1.1, permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante el par\u00e1metro \u0027f\u0027."
}
],
"id": "CVE-2012-0896",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-20T17:55:01.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/78270"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"source": "cve@mitre.org",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47529"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51402"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/78270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}