CVE Vulnerability

CVE-2022-43468

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/cabrerahector/wordpress-popular-posts/ Third Party Advisory
https://jvn.jp/en/jp/JVN13927745/index.html Third Party Advisory
https://wordpress.org/plugins/wordpress-popular-posts/ Product
Configurations

Configuration 1

cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-12-07 04:15

Updated : 2022-12-09 12:28

NVD link : CVE-2022-43468

Mitre link : CVE-2022-43468

Products Affected
No products.
CWE
CWE-665