|
Description
|
|
Two vulnerabilities have been discovered in the Count Per Day plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions and conduct script insertion attacks.
1) Input passed via the "note" parameter to wp-content/plugins/count-per-day/notes.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.
2) The application does not sufficiently verify permissions when accessing the wp-content/plugins/count-per-day/notes.php script. This can be exploited to e.g. disclose or manipulate the contents of notes.
The vulnerabilities are confirmed in version 3.2.3. Other versions may also be affected.
|
