WordPress Count Per Day Plugin 'note' Parameter Persistent XSS Vulnerability Network Vulnerability

Summary

This host is running WordPress with Count per Day plugin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to version 3.2.4 or later, For updates refer to http://wordpress.org/extend/plugins/count-per-day

Insight

The input passed via 'note' parameter to '/wp-content/plugins/count-per-day/notes.php' script is not properly validated, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

WordPress Count per Day Plugin version 3.2.3 and prior

References

http://packetstormsecurity.org/files/115904/WordPress-Count-Per-Day-3.2.3-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/20862/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Struts Cross Site Scripting Vulnerability
3Com NBX VoIP NetSet Detection
Apache Tomcat Directory Listing and File disclosure
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities

WordPress Count per Day Plugin 'note' Parameter Persistent XSS Vulnerability

Take action and discover your vulnerabilities