Vendor: Count Per Day
Author: Crim3R
CVSS: 8.8 (HIGH)
CWE: 79 (Stored XSS)
Product Name: Count Per Day
Affected Version From: 3.2.3
Affected Version To: 3.2.3
Patch Exists: NO
Related CWE: N/A
CPE: a:wordpress:count_per_day:3.2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
Year: 2012

WordPress Count per Day Cross Site Scripting Vulnerability

An attacker can add notes containing HTML code; the notes are stored and rendered to anyone who opens the notes.php file by its direct URL, so the injected markup executes in every visitor's browser (stored XSS).

Mitigation:

Restrict access to the notes.php file to only admin users.
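As an added illustration of that mitigation (this is not the Count Per Day plugin's own code; the function name `cpd_example_render_notes` and the option key `cpd_example_notes` are assumptions), the notes handler can refuse non-administrators with a WordPress capability check, reject direct loads outside the WordPress bootstrap, verify a nonce on submission, and escape the stored notes on output so that even a note containing HTML is rendered as text:

```php
<?php
// Added illustrative hardening for a notes handler like the one described above.
// Not the plugin's code: function and option names below are assumptions.

// A direct browser request to this file, outside the WordPress bootstrap,
// must not render anything (the WordPress API functions would be undefined).
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

function cpd_example_render_notes() {
    // Only users holding manage_options (administrators) may view or add notes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    $notes = get_option( 'cpd_example_notes', array() ); // assumed option name

    // Handle a submitted note: verify the nonce (CSRF), then sanitize before storing.
    if ( isset( $_POST['cpd_note'] ) ) {
        check_admin_referer( 'cpd_example_add_note' );
        $notes[] = array(
            'date' => sanitize_text_field( wp_unslash( $_POST['cpd_date'] ?? '' ) ),
            'note' => sanitize_text_field( wp_unslash( $_POST['cpd_note'] ) ),
        );
        update_option( 'cpd_example_notes', $notes );
    }

    // Escape on output: a stored note is shown as text, never interpreted as HTML/script.
    echo '<ul>';
    foreach ( $notes as $n ) {
        echo '<li>' . esc_html( $n['date'] ) . ': ' . esc_html( $n['note'] ) . '</li>';
    }
    echo '</ul>';

    echo '<form method="post">';
    wp_nonce_field( 'cpd_example_add_note' );
    echo '<input type="text" name="cpd_date"> <input type="text" name="cpd_note"> <button>Add</button>';
    echo '</form>';
}
```

The capability check alone closes the access-control gap the advisory describes; the output escaping is the defence that matters even once access is restricted, since an administrator's own notes would otherwise still be rendered as raw HTML.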

Exploit-DB raw data:

###################################################################################

# Exploit Title: wordpress Count per Day Cross Site Scripting Vulnerability
#
# Google Dork:inurl:/wp-content/plugins/count-per-day
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Version 3.2.3
#
# Vendor Home : http://downloads.wordpress.org/plugin/count-per-day.3.2.3.zip
#
# Tested on: all
#
###################################################################################

$
$        Author will not be responsible for any damage.
$
###################################################################################

========================================
First, notes.php is not restricted to admin and anyone can access it directly by
browser => an attacker can add notes which

can be HTML code => it's Stored XSS
goto WP-path/wp-content/plugins/count-per-day/notes.php
in the notes section add HTML code and click Add
D3M0 : 
http://www.christinedesavino.com/blog/wp-content/plugins/count-per-day 

http://www.dhakadakshinghsc.com/wp-content/plugins/count-per-day/

www.watansport.net/ara/wp-content/plugins/count-per-day/


===============Crim3R@Att.Net===========

$home = %00
thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir