Summary
This host is running WordPress with Count per Day plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML or web script in a user's browser session in context of an affected site, cause denial of service, and discloses the software installation path results in a loss of confidentiality.
Impact Level: Application
Solution
Update to version 3.2.6 or later,
For updates refer to http://wordpress.org/extend/plugins/count-per-day
Insight
- Malicious input passed via 'daytoshow' parameter to /wp-content /wp-admin/index.php script is not properly sanitised before being returned to the user.
- Malicious input passed via POST parameters to wordpress/wp-content/plugins /count-per-day/notes.php script is not properly sanitised before being returned to the user.
- Malformed GET request to ajax.php, counter-core.php, counter-options.php, counter.php, massbots.php, and userperspan.php scripts.
Affected
WordPress Count per Day plugin <= 3.2.5
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- ARRIS 2307 Unprotected Web Console
- AdaptBB Multiple Input Validation Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability