Description

WordPress Plugin Count per Day is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Count per Day version 3.2.5 is vulnerable; prior versions may also be affected.

Remediation

Update to the latest version

References

http://seclists.org/fulldisclosure/2013/Mar/43

http://packetstormsecurity.com/files/120631/WordPress-Counter-Per-Day-3.2.3-Path-Disclosure.html

Related Vulnerabilities

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604)

WordPress Plugin Content Aware Sidebars-Unlimited Widget Areas Security Bypass (3.8)

WordPress Plugin Insert or Embed Articulate Content into WordPress Arbitrary File Upload (4.3000000023)

Squid CVE-2019-12523 Vulnerability (CVE-2019-12523)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-28658)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure