Vulnerability Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress Popular Posts Project | Wordpress Popular Posts | <= 6.0.5 |
Related Weaknesses (CWE)
References
- https://github.com/cabrerahector/wordpress-popular-posts/Third Party Advisory
- https://jvn.jp/en/jp/JVN13927745/index.htmlThird Party Advisory
- https://wordpress.org/plugins/wordpress-popular-posts/Product
- https://github.com/cabrerahector/wordpress-popular-posts/Third Party Advisory
- https://jvn.jp/en/jp/JVN13927745/index.htmlThird Party Advisory
- https://wordpress.org/plugins/wordpress-popular-posts/Product
FAQ
What is CVE-2022-43468?
CVE-2022-43468 is a vulnerability with a CVSS score of 7.5 (HIGH). External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to upd...
How severe is CVE-2022-43468?
CVE-2022-43468 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43468?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Popular Posts Project Wordpress Popular Posts.