Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tom_braider | count_per_day | 1.0 |
| tom_braider | count_per_day | * |
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tom_braider | count_per_day | 1.0 |
| count_per_day_project | count_per_day | 2.16 |
| count_per_day_project | count_per_day | 2.15 |
| tom_braider | count_per_day | * |
| count_per_day_project | count_per_day | 2.15.1 |
| count_per_day_project | count_per_day | 2.2 |