CVE-2012-0895

Count Per Day < 3.1.1 - Cross-Site Scripting via Map Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0895. PoCs published by 6Scan.

AI-analyzed exploit summary This exploit demonstrates arbitrary file download and reflected XSS vulnerabilities in the Count-per-day WordPress plugin. The file download PoC leverages a direct path traversal to retrieve sensitive files, while the XSS PoC injects malicious script tags via user-controlled input.

Description

Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 6Scan · textwebappsphp
https://www.exploit-db.com/exploits/18355

This exploit demonstrates arbitrary file download and reflected XSS vulnerabilities in the Count-per-day WordPress plugin. The file download PoC leverages a direct path traversal to retrieve sensitive files, while the XSS PoC injects malicious script tags via user-controlled input.

Classification
Working Poc 100%
Attack Type
Info Leak | Xss
Complexity
Trivial
Reliability
Reliable
Target: Count-per-day WordPress plugin < 3.1.1
No auth needed
Prerequisites: WordPress installation with vulnerable Count-per-day plugin · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18355
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47529
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/78271
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51402
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72384

Scores

EPSS 0.0552
EPSS Percentile 91.8%

Details

CWE
CWE-79
Status published
Products (2)
tom_braider/count_per_day 1.0
tom_braider/count_per_day < 3.1
Published Jan 20, 2012
Tracked Since Feb 18, 2026