6 results (0.012 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. Vulnerabilidad de inyección SQL en counter-options.php en el plugin Cout Per Day en versiones anteriores a la 3.4.1 para WordPress permite que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante el parámetro cpd_keep_month a wp-admin/options-general.php. NOTA: se puede explotar mediante Cross-Site Request Forgery (CSRF) para permitir a atacantes remotos ejecutar comandos SQL arbitrarios. WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/37707 http://packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.html http://www.securityfocus.com/archive/1/536056/100/0/threaded https://plugins.trac.wordpress.org/changeset/1190683/count-per-day https://wpvulndb.com/vulnerabilities/8110 https://www.htbridge.com/advisory/HTB23267 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. El complemento "Count per Day" anterior a 3.2.6 para WordPress permite XSS a través del parámetro wp-admin /? Page = cpd_metaboxes daytoshow. • https://lists.openwall.net/full-disclosure/2013/03/05/2 https://wordpress.org/plugins/count-per-day/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en userperspan.php en el módulo (Count Per Day) anterior a v3.2 para Wordpress permite a atacantes remotos inyectar código web o HTML arbitrario a través de (1) una página, (2) el parámetro (datemin) o (3) el parámetro (datemax). • http://plugins.trac.wordpress.org/changeset/571926/count-per-day http://secunia.com/advisories/49692 http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt http://www.openwall.com/lists/oss-security/2012/07/24/4 http://www.openwall.com/lists/oss-security/2012/07/27/2 http://www.osvdb.org/83491 http://www.tomsdimension.de/wp-plugins/count-per-day • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. El plugin count-per-day anterior a la versión 3.2.3 para WordPress tiene XSS a través de palabras de búsqueda. • https://wordpress.org/plugins/count-per-day/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 5

Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el map/map.php en el módulo "Count Per Day" de Wordpress antes de su versión v3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'map'. The Count per Day plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘map’ parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.exploit-db.com/exploits/18355 http://osvdb.org/78271 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://secunia.com/advisories/47529 http://wordpress.org/extend/plugins/count-per-day/changelog http://www.exploit-db.com/exploits/18355 http://www.securityfocus.com/bid/51402 https://exchange.xforce.ibmcloud.com/vulnerabilities/72384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •