Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress popular posts project wordpress popular posts vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-43468
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and previous versions, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for a...
Wordpress Popular Posts Project Wordpress Popular Posts
5.4
CVSSv3
CVE-2023-45607
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions.
Wordpress Popular Posts Project Wordpress Popular Posts
8.8
CVSSv3
CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can b...
Wordpress Popular Posts Project Wordpress Popular Posts
5.4
CVSSv3
CVE-2021-36872
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
Wordpress Popular Posts Project Wordpress Popular Posts
5.4
CVSSv3
CVE-2021-20746
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and previous versions allows a remote authenticated malicious user to inject an arbitrary script via unspecified vectors.
Wordpress Popular Posts Project Wordpress Popular Posts
4.8
CVSSv3
CVE-2023-26008
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.
Top 10 - Popular Posts Project Top 10 - Popular Posts
6.1
CVSSv3
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
5.4
CVSSv3
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories
4.3
CVSSv3
CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress prior to 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
Wordpress Wordpress
7 Github repositories
NA
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »