cabrerahector

2 exploits Active since Sep 2021
CVE-2021-36872 WRITEUP MEDIUM WRITEUP
WordPress Popular Posts <= 5.3.3 - Authenticated Stored Cross-Site Scripting via Widget Post Type Parameter
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
CVSS 5.5
CVE-2022-43468 WRITEUP HIGH STUB
WordPress Popular Posts <6.0.5 - Info Disclosure
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
CVSS 7.5