110 matches found
WordPress Popular Posts Plugin < 6.3.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpresspopularpostsproject:wordpresspopularposts"; if...
CVE-2023-45607 WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions...
CVE-2023-45607
The CVE-2023-45607 entry concerns the WordPress Popular Posts plugin for WordPress, stating an authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.3.2. Connected sources confirm the affected component is the WordPress Popular Posts plugin and identify ...
WordPress Plugin WordPress Popular Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Popular Posts; Type: Plugin; Vulnerable versions: <= 6.3.2; Fixed in: 6.3.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45607; Patch priority: Low; CVSS severity: Low (6.5); PSID: e1c445e00e39; Credits: Rafie Muhammad Patchstack...
CVE-2015-10124
CVE-2015-10124 affects the WordPress plugin Most Popular Posts Widget Plugin (versions up to 0.8). The vulnerability resides in the functions.php, in add_views/show_views, enabling SQL injection that can be exploited remotely. Upgrading to version 0.9 addresses the issue (patch: a99667d11ac8d3200...
WordPress Plugin Most Popular Posts Widget SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Most Popular Posts Widget...
PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin
Name of the Vulnerable Software and Affected Versions: Most Popular Posts Widget Plugin versions up to 0.8 Description: A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to SQL injection...
CVE-2023-26008
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions...
CVE-2023-26008
CVE-2023-26008 affects the WordPress plugin Top 10 – Popular posts (
WordPress Plugin Popular posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
MonsterInsights < 8.12.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, add an "Inline Popular Posts" to...
ExactMetrics < 7.12.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a "Popular Posts" block and put...
Top 10 < 3.2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a Top 1...
WordPress Popular Posts Plugin < 6.1.0 Improper Initialization Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-43468
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...
Xxe
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...