ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Count Per Day Plugin <= 3.1 - Multiple XSS

Product
Count per Day
Description
Because of these vulnerabilities in userperspan.php, the attackers can inject arbitrary web script or HTML via 3 parameters: "page", "datemax" or "datemin".
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2012-3434
Versions
Affected In <= 3.1
Fixed In 3.2
Disclosure date
2012-06-14
Credits
Henri Salo