MidnightBSD

Advisories for count_per_day_project

CVE-2012-0896 MEDIUM

Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
count_per_day_project count_per_day 2.16
count_per_day_project count_per_day 2.15
count_per_day_project count_per_day 2.15.1
count_per_day_project count_per_day 2.2
tom_braider count_per_day *
tom_braider count_per_day 1.0
CVE-2012-6714 MEDIUM

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
count_per_day_project count_per_day *
CVE-2013-7472 MEDIUM

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
count_per_day_project count_per_day *
CVE-2015-5533 MEDIUM

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
count_per_day_project count_per_day *