WordPress Plugin Vulnerabilities

WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation

Description

The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles

Affects Plugins

Plugin icon
wordpress-popular-posts
Fixed in 6.1.0

References

CVE
CVE-2022-43468
URL
https://jvn.jp/en/jp/JVN13927745/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Tsubasa Iinuma of Origami Systems
Verified
No
WPVDB ID
9e497a16-67dc-47f7-b509-63bf11888f56

Timeline

Publicly Published
2022-11-18 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-18 (about 3 years ago)

Other

Published
Title
Published
2024-03-20
Title
WooCommerce Cloak Affiliate Links < 1.0.34 - Missing Authorization to Unauthenticated Permalink Modification
Published
2021-01-28
Title
uListing < 1.7 - Missing Access Controls
Published
2024-04-19
Title
VikBooking < 1.6.8 - Broken Access Control
Published
2023-12-22
Title
easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update
Published
2021-10-05
Title
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal