VYPR

Top 10

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-47509MedMay 7, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 top-10 allows Stored XSS.This issue affects Top 10: from n/a through <= 4.1.0.

  • CVE-2020-36761MedJul 12, 2023
    risk 0.28cvss 4.3epss 0.01

    The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an…

  • CVE-2023-47238MedNov 9, 2023
    risk 0.21cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

  • CVE-2023-26008Mar 23, 2023
    risk 0.00cvss epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

  • CVE-2022-4570Jan 23, 2023
    risk 0.00cvss epss 0.00

    The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high…