26 matches found
EUVD-2021-8160
Malicious code in bioql PyPI...
CVE-2021-20746
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2024-11733
The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...
CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution
The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...
CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution
The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...
CVE-2024-11733
CVE-2024-11733 concerns WordPress Popular Posts for WordPress. Affected: all versions up to and including 7.1.0. Root cause: unvalidated value is passed to do_shortcode, allowing an attacker to trigger shortcode execution. Impact: unauthenticated attackers can execute arbitrary shortcodes, enabli...
CVE-2023-45607
The CVE-2023-45607 entry concerns the WordPress Popular Posts plugin for WordPress, stating an authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.3.2. Connected sources confirm the affected component is the WordPress Popular Posts plugin and identify ...
WordPress Plugin WordPress Popular Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...
Xxe
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...
CVE-2022-43468
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...
PT-2022-26930 · WordPress · Wordpress Popular Posts
Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions 6.0.5 and earlier Description: The issue allows external initialization of trusted variables or data stores, enabling the acceptance of untrusted external inputs to update internal variables. This can lead to...
WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Tsubasa Iinuma of Origami Systems reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation
The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles...
JVN#13927745: WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Impact The number of views for an article may be manipulated through a crafted input. Solution Update the plugin Update the plugin according to the...
WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"...
WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...
Input validation
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...
PT-2021-23594 · WordPress · Wordpress Popular Posts
Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions up to and including 5.3.2 Description: The WordPress Popular Posts plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file. This makes it...
WordPress Popular Posts Plugin < 5.3.4 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...