Vulnerabilities and security researches fortop-10 top-10
Direction: ascendingJun 07, 2024
Top 10 – WordPress Popular posts by WebberZone # 9acad2f8ba8510a79fd6bc62b818162f60824cd7
- CVE, Research URL
- Date
- Sep 16, 2020
- Research Description
- Top 10 – WordPress Popular posts by WebberZone [top-10] < 2.4.4 WordPress Top 10 plugin <= 2.9.4 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Top 10 plugin (versions <= 2.9.4).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Top 10 – WordPress Popular posts by WebberZone # CVE-2022-4570
- CVE, Research URL
- Date
- Jan 23, 2023
- Research Description
- The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Top 10 – WordPress Popular posts by WebberZone # CVE-2023-47238
- CVE, Research URL
- Date
- Nov 10, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Top 10 – WordPress Popular posts by WebberZone # CVE-2023-26008
- CVE, Research URL
- Date
- Mar 23, 2023
- Research Description
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Top 10 – WordPress Popular posts by WebberZone # CVE-2021-4342
- CVE, Research URL
-
-
- Date
- Jun 07, 2023
- Research Description
- Rejected reason: CVE split into individual CVE IDs for each software record.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Top 10 – WordPress Popular posts by WebberZone # CVE-2020-36761
- CVE, Research URL
- Date
- Jul 12, 2023
- Research Description
- The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 10, 2024
Top 10 – WordPress Popular posts by WebberZone # CVE-2023-25993
- CVE, Research URL
- Date
- Dec 09, 2024
- Research Description
- Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
May 09, 2025
Top 10 – WordPress Popular posts by WebberZone # CVE-2025-47509
- CVE, Research URL
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable