Name: Count per Day
Type: XSS
Status: Count per Day has not been patched yet. •
Description:
Input passed via the "daytoshow" POST parameter to wp-content/wp-admin/index.php (when "page" is set to "cpd_metaboxes") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Type: XSS
Exploit version: 3.2.5
Release Date: 03-05-2013 Status: Count per Day has not been patched yet. •
Description:
Input passed via the "daytoshow" POST parameter to wp-content/wp-admin/index.php (when "page" is set to "cpd_metaboxes") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Plugin Information
- Downloaded: 278168 Times
- Current Version: 3.2.5
- Author: Profile
- Tested up to: 3.5.1
- Download Plugin
Security Information
- Secunia ID: http://secunia.com/advisories/52436/
- Credit: alejandr0.m0f0
- Plugin statistics provided by WordPress.org. Updated within the last day or so.
- ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository
