Wordpress Popular Posts
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11733 | Hig | 0.48 | 7.3 | 0.01 | Jan 3, 2025 | The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.… | ||
| CVE-2021-42362 | 0.03 | — | 0.82 | Nov 17, 2021 | The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can… | |||
| CVE-2023-45607 | 0.00 | — | 0.00 | Oct 18, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions. | |||
| CVE-2022-43468 | 0.00 | — | 0.01 | Dec 7, 2022 | External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article… | |||
| CVE-2021-36872 | 0.00 | — | 0.00 | Sep 23, 2021 | Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. | |||
| CVE-2021-20746 | 0.00 | — | 0.01 | Jun 28, 2021 | Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |
- risk 0.48cvss 7.3epss 0.01
The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.…
- CVE-2021-42362Nov 17, 2021risk 0.03cvss —epss 0.82
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can…
- CVE-2023-45607Oct 18, 2023risk 0.00cvss —epss 0.00
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions.
- CVE-2022-43468Dec 7, 2022risk 0.00cvss —epss 0.01
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article…
- CVE-2021-36872Sep 23, 2021risk 0.00cvss —epss 0.00
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
- CVE-2021-20746Jun 28, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.