Description
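An "external initialization of trusted variables or data stores" vulnerability exists in WordPress Popular Posts 6.0.5 and earlier: the plugin accepts untrusted external input to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. The related WPScan entry below attributes this to missing validation of user input on a REST endpoint that unauthenticated users can reach, and lists the issue as affecting versions before 6.1.0.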
Affected Software
Related
{"id": "CVE-2022-43468", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-43468", "description": "External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.", "published": "2022-12-07T04:15:00", "modified": "2022-12-09T00:28:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43468", "reporter": "vultures@jpcert.or.jp", "references": ["https://github.com/cabrerahector/wordpress-popular-posts/", "https://jvn.jp/en/jp/JVN13927745/index.html", "https://wordpress.org/plugins/wordpress-popular-posts/"], "cvelist": ["CVE-2022-43468"], "immutableFields": [], "lastseen": "2022-12-09T01:12:28", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "jvn", "idList": ["JVN:13927745"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:9E497A16-67DC-47F7-B509-63BF11888F56"]}]}, "score": {"value": 2.3, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "wordpress popular posts project wordpress popular posts", "version": 6}]}, "vulnersScore": 2.3}, "_state": {"dependencies": 1670548368, "score": 1670548447, "affected_software_major_version": 1671611801}, "_internal": {"score_hash": "a3e70abed4aa908a2d076cb365550fc4"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": 
["cpe:/a:wordpress_popular_posts_project:wordpress_popular_posts:6.0.5"], "cpe23": ["cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:6.0.5:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-665"], "affectedSoftware": [{"cpeName": "wordpress_popular_posts_project:wordpress_popular_posts", "version": "6.0.5", "operator": "le", "name": "wordpress popular posts project wordpress popular posts"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:6.0.5:*:*:*:*:wordpress:*:*", "versionEndIncluding": "6.0.5", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/cabrerahector/wordpress-popular-posts/", "name": "https://github.com/cabrerahector/wordpress-popular-posts/", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://jvn.jp/en/jp/JVN13927745/index.html", "name": "https://jvn.jp/en/jp/JVN13927745/index.html", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://wordpress.org/plugins/wordpress-popular-posts/", "name": "https://wordpress.org/plugins/wordpress-popular-posts/", "refsource": "MISC", "tags": ["Product"]}]}
{"wpvulndb": [{"lastseen": "2022-12-09T02:37:42", "description": "The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-18T00:00:00", "type": "wpvulndb", "title": "WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43468"], "modified": "2022-11-18T10:22:12", "id": "WPVDB-ID:9E497A16-67DC-47F7-B509-63BF11888F56", "href": "https://wpscan.com/vulnerability/9e497a16-67dc-47f7-b509-63bf11888f56", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "jvn": [{"lastseen": "2022-12-09T02:39:21", "description": "WordPress Plugin \"WordPress Popular Posts\" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables (CWE-454).\n\n ## Impact\n\nThe number of views for an article may be manipulated through a crafted input.\n\n ## Solution\n\n**Update the plugin** \nUpdate the plugin according to the information provided by the developer.\n\n ## Products Affected\n\n * WordPress Popular Posts 6.0.5 and earlier\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
3.6}, "published": "2022-11-18T00:00:00", "type": "jvn", "title": "JVN#13927745: WordPress Plugin \"WordPress Popular Posts\" accepts untrusted external inputs to update certain internal variables", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-43468"], "modified": "2022-11-18T00:00:00", "id": "JVN:13927745", "href": "http://jvn.jp/en/jp/JVN13927745/index.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}