CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Wordpress Popular Posts Project 1Wordpress Popular Posts Jun 17, 2026 Oct 18, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions. |
1Wordpress Popular Posts Project 1Wordpress Popular Posts Jun 17, 2026 Dec 7, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal...Show more |
1Wordpress Popular Posts Project 1Wordpress Popular Posts Jun 17, 2026 Nov 17, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor...Show more |
1Wordpress Popular Posts Project 1Wordpress Popular Posts Jun 17, 2026 Sep 23, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. |
1Wordpress Popular Posts Project 1Wordpress Popular Posts Jun 17, 2026 Jun 28, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |