{"api_version":"1","generated_at":"2026-04-26T03:57:33+00:00","cve":"CVE-2012-3434","urls":{"html":"https://cve.report/CVE-2012-3434","api":"https://cve.report/api/cve/CVE-2012-3434.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-3434","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-3434"},"summary":{"title":"CVE-2012-3434","description":"Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2012-08-15 21:55:00","updated_at":"2020-07-13 10:51:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt","name":"http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt","refsource":"MISC","tags":["Exploit"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2012/07/27/2","name":"[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-request: WordPress plugin Count Per Day XSS\n (SSCHADV2012-015)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://plugins.trac.wordpress.org/changeset/571926/count-per-day","name":"http://plugins.trac.wordpress.org/changeset/571926/count-per-day","refsource":"CONFIRM","tags":["Exploit","Patch"],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"403"},{"url":"http://www.tomsdimension.de/wp-plugins/count-per-day","name":"http://www.tomsdimension.de/wp-plugins/count-per-day","refsource":"CONFIRM","tags":[],"title":"Count per Day : Toms Dimension","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2012/07/24/4","name":"[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)","refsource":"MLIST","tags":[],"title":"oss-security - CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/83491","name":"83491","refsource":"OSVDB","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/49692","name":"49692","refsource":"SECUNIA","tags":["Exploit","Vendor Advisory"],"title":"Security Alerts - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-3434","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3434","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"3434","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tom_braider","cpe5":"count_per_day","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3434","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tom_braider","cpe5":"count_per_day","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3434","vulnerable":"1","versionEndIncluding":"3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tom_braider","cpe5":"count_per_day","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3434","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wordpress","cpe5":"wordpress","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3434","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wordpress","cpe5":"wordpress","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2012-3434","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt","refsource":"MISC","url":"http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"},{"name":"49692","refsource":"SECUNIA","url":"http://secunia.com/advisories/49692"},{"name":"http://plugins.trac.wordpress.org/changeset/571926/count-per-day","refsource":"CONFIRM","url":"http://plugins.trac.wordpress.org/changeset/571926/count-per-day"},{"name":"83491","refsource":"OSVDB","url":"http://www.osvdb.org/83491"},{"name":"[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2012/07/27/2"},{"name":"http://www.tomsdimension.de/wp-plugins/count-per-day","refsource":"CONFIRM","url":"http://www.tomsdimension.de/wp-plugins/count-per-day"},{"name":"[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2012/07/24/4"}]}},"nvd":{"publishedDate":"2012-08-15 21:55:00","lastModifiedDate":"2020-07-13 10:51:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tom_braider:count_per_day:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tom_braider:count_per_day:1.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"3434","Ordinal":"56181","Title":"CVE-2012-3434","CVE":"CVE-2012-3434","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"3434","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"3434","Ordinal":"2","NoteData":"2012-08-15","Type":"Other","Title":"Published"}]}}}