High severity7.2NVD Advisory· Published Oct 23, 2017· Updated May 13, 2026

CVE-2015-5533

Description

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.htmlnvdThird Party AdvisoryVDB Entry
wpvulndb.com/vulnerabilities/8110nvdThird Party Advisory
www.exploit-db.com/exploits/37707/nvdThird Party AdvisoryVDB Entry
www.htbridge.com/advisory/HTB23267nvdThird Party Advisory
plugins.trac.wordpress.org/changeset/1190683/count-per-daynvdIssue Tracking
www.securityfocus.com/archive/1/536056/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000