Summary
This host is running WordPress with Count per Day plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML or web script in a user's browser session in context of an affected site, cause denial of service, and discloses the software installation path results in a loss of confidentiality.
Impact Level: Application
Solution
Update to version 3.2.6 or later,
For updates refer to http://wordpress.org/extend/plugins/count-per-day
Insight
- Malicious input passed via 'daytoshow' parameter to /wp-content /wp-admin/index.php script is not properly sanitised before being returned to the user.
- Malicious input passed via POST parameters to wordpress/wp-content/plugins /count-per-day/notes.php script is not properly sanitised before being returned to the user.
- Malformed GET request to ajax.php, counter-core.php, counter-options.php, counter.php, massbots.php, and userperspan.php scripts.
Affected
WordPress Count per Day plugin <= 3.2.5
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Athena Web Registration remote command execution flaw
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- A-Blog 'sources/search.php' SQL Injection Vulnerability
- Admin Bot 'news.php' SQL Injection Vulnerability