CVE-2022-43468

HIGH

WordPress Popular Posts <6.0.5 - Info Disclosure

Title source: llm

Description

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.

References (3)

[Third Party Advisory] https://github.com/cabrerahector/wordpress-popular-posts/

View Writeup ZIP pw:eip

[Third Party Advisory] https://jvn.jp/en/jp/JVN13927745/index.html

[Product] https://wordpress.org/plugins/wordpress-popular-posts/

Scores

CVSS v3 7.5

EPSS 0.0052

EPSS Percentile 67.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-665

Status published

Products (1)

wordpress_popular_posts_project/wordpress_popular_posts < 6.0.5

Published Dec 07, 2022

Tracked Since Feb 18, 2026