7.5
CVE-2022-43468
- EPSS 0.85%
- Veröffentlicht 07.12.2022 04:15:10
- Zuletzt bearbeitet 23.04.2025 19:16:23
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginWordPress Popular Posts <= 6.0.5 - Unauthenticated Views Changes
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Mögliche Gegenmaßnahme
WP Popular Posts: Update to version 6.1.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wordpress Popular Posts Project ≫ Wordpress Popular Posts SwPlatformwordpress Version <= 6.0.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Popular Posts
Version
*-6.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.532 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-665 Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
https://wordpress.org/plugins/wordpress-popular-posts/
https://github.com/cabrerahector/wordpress-popular-posts/
https://jvn.jp/en/jp/JVN13927745/index.html
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f42b3fc-cb2a-4e95-a55b-608ae64d8b58