Affected products: Count Per Day 3.x (plugin for WordPress)
Affected versions: WordPress Count Per Day 3.2.3, possibly earlier.
Description:
The vulnerability allows malicious people to conduct XSS attacks.
The vulnerability is caused due to insufficient input validation in the parameter “note” in the script wp-content/plugins/count-per-day/notes.php. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Manufacturer URL: http://wordpress.org/extend/plugins/count-per-day/