Count per Day <= 3.5.4 – Authenticated Reflected Cross-Site Scripting (XSS)

Affects Plugins

count-per-day

Fixed in 3.5.5

References

URL

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_count_per_day_wordpress_plugin.html

URL

https://seclists.org/fulldisclosure/2016/Aug/23

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

7e871336-226a-49f2-9c8b-201afb72ec68

Timeline

Publicly Published

2016-08-04 (about 9 years ago)

Added

2016-08-12 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-10-16

Title

SendPulse Free Web Push < 1.3.7 - Unauthenticated Stored Cross-Site Scripting

Published

2026-01-20

Title

NotificationX < 3.2.1 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'

Published

2024-11-04

Title

XT Floating Cart for WooCommerce < 2.8.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2017-09-02

Title

SmokeSignal <= 1.2.6 - Authenticated Stored XSS

Published

2025-06-13

Title

YITH WooCommerce Wishlist < 4.6.0 - Contributor+ Stored XSS via id Parameter