Summary
This host is running WordPress with Count per Day plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML or web script in a user's browser session in context of an affected site, cause denial of service, and discloses the software installation path results in a loss of confidentiality.
Impact Level: Application
Solution
Update to version 3.2.6 or later,
For updates refer to http://wordpress.org/extend/plugins/count-per-day
Insight
- Malicious input passed via 'daytoshow' parameter to /wp-content /wp-admin/index.php script is not properly sanitised before being returned to the user.
- Malicious input passed via POST parameters to wordpress/wp-content/plugins /count-per-day/notes.php script is not properly sanitised before being returned to the user.
- Malformed GET request to ajax.php, counter-core.php, counter-options.php, counter.php, massbots.php, and userperspan.php scripts.
Affected
WordPress Count per Day plugin <= 3.2.5
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- ATutor < 1.5.1-pl1 Multiple Flaws
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities