CVE-2022-43468 Information

Description

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result the number of views for an article may be manipulated through a crafted input.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://github.com/cabrerahector/wordpress-popular-posts/ https://jvn.jp/en/jp/JVN13927745/index.html https://wordpress.org/plugins/wordpress-popular-posts/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5