CVE DATABASE / CVE-2022-43468
CVE-2022-43468
CVSS 7.5 · HIGH
Summary
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
Wordpress_popular_posts_project wordpress popular posts
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://github.com/cabrerahector/wordpress-popular-posts/
- https://jvn.jp/en/jp/JVN13927745/index.html
- https://wordpress.org/plugins/wordpress-popular-posts/
Data: NIST NVD. NVD last modified 2025-04-23. Always verify against the vendor advisory before acting.