WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation

Description

The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles

Affects Plugins

wordpress-popular-posts
Fixed in version 6.1.0

References

CVE
CVE-2022-43468
URL
https://jvn.jp/en/jp/JVN13927745/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Tsubasa Iinuma of Origami Systems

Verified

No

WPVDB ID
9e497a16-67dc-47f7-b509-63bf11888f56

Timeline

Publicly Published

2022-11-18 (about 2 months ago)

Added

2022-11-18 (about 2 months ago)

Last Updated

2022-11-18 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin