CVE-2022-43468

Published: Dec 7, 2022Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.

Affected (1)

Products: Wordpress Popular Posts Project: Wordpress Popular Posts

Wordpress Popular Posts Project

1 product

Wordpress Popular Posts

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Popular Posts Project Wordpress Popular Posts	Up to 6.0.5

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (6)

https://github.com/cabrerahector/wordpress-popular-posts/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN13927745/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://wordpress.org/plugins/wordpress-popular-posts/

Source: vultures@jpcert.or.jp

Product

https://github.com/cabrerahector/wordpress-popular-posts/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jvn.jp/en/jp/JVN13927745/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wordpress.org/plugins/wordpress-popular-posts/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.