CVE-2022-43468
Last modified
CVE-2022-43468 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An external initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier: the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wordpress Popular Posts Project | Wordpress Popular Posts | <= 6.0.5 |
References
- https://github.com/cabrerahector/wordpress-popular-posts/ (Third Party Advisory)
- https://jvn.jp/en/jp/JVN13927745/index.html (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
