PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin
Published: 2023-10-02 · Updated: 2024-05-17 · CVE-2015-10124
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Most Popular Posts Widget Plugin versions up to 0.8
Description
A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to SQL injection and can be exploited remotely.
Recommendations
For Most Popular Posts Widget Plugin versions up to 0.8, upgrade to version 0.9 to address this issue. As a temporary workaround, consider disabling the add views/show views function until the patch is applied. Restrict access to the functions.php file to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Most Popular Posts Widget Plugin