Pavel Komisarchuk

**Name of the Vulnerable Software and Affected Versions** Count Per Day module versions prior to 3.1.1 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `map` parameter in the map/map.php file. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the map/map.php file to minimize the risk of exploitation. Avoid using the `map` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Count Per Day module versions prior to 3.1.1 for WordPress **Description** The issue allows remote attackers to read arbitrary files via the `f` parameter in the download.php file. This is due to an absolute path traversal vulnerability. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the download.php file to minimize the risk of exploitation. Avoid using the `f` parameter in the download.php file until the issue is resolved.