CVE-2022-43468: GitHub - cabrerahector/wordpress-popular-posts: WordPress Popular Posts - A highly customizable WordPress widget that displays your most popular posts.

An external initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier: the vulnerable product accepts untrusted external input to update certain internal variables. As a result, the number of views for an article may be manipulated through crafted input.
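A defender-side check for the affected range stated above, as an added example that is not part of the advisory or the plugin's own code: it reads the plugin header from the wordpress-popular-posts folder under /wp-content/plugins/ and flags 6.0.5 and earlier. The function names and the constructed sample site are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (6, 0, 5)  # advisory text: "6.0.5 and earlier"
PLUGIN_DIR = Path("wp-content/plugins/wordpress-popular-posts")  # folder named in the README
# WordPress reads plugin metadata from a comment header near the top of a PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def parse_version(text):
    """'6.0.5' -> (6, 0, 5); parsing stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def installed_version(wp_root):
    """Return the Version header of the installed plugin, or None if absent."""
    for php in sorted((Path(wp_root) / PLUGIN_DIR).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        m = VERSION_RE.search(head)
        if NAME_RE.search(head) and m:
            return m.group(1)
    return None

def is_affected(version):
    """True when the version falls in the range the advisory names."""
    v = parse_version(version)
    if not v:
        raise ValueError(f"unparsable version: {version!r}")
    v += (0,) * (3 - len(v))  # treat '6.0' as 6.0.0
    return v <= LAST_AFFECTED

def make_sample_site(root, version):
    """Constructed test fixture: a minimal plugin folder with a header comment."""
    folder = Path(root) / PLUGIN_DIR
    folder.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Sample\n * Version: {version}\n */\n"
    (folder / "main.php").write_text(header)  # file name is a placeholder

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_site(root, "6.0.5")
        found = installed_version(root)
        print(found, "affected" if is_affected(found) else "not in affected range")
```

Point `installed_version()` at a real WordPress root to audit a site; a return value of None means the plugin folder or its header was not found.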


WordPress Popular Posts

A highly customizable widget that displays your most popular posts.

Table of contents

  • Description
  • Features
  • Requirements
  • Installation
  • Usage
  • Support
  • Contributing
  • Changelog
  • License

Description

WordPress Popular Posts (from now on, just WPP) is a highly customizable widget to showcase the most commented / viewed entries on your WordPress powered site.

Features

  • Multi-widget capable - You can have several WordPress Popular Posts widgets on your blog, each with its own settings!
  • Time Range - List those posts of your blog that have been the most popular ones within a specific time range (eg. last 24 hours, last 7 days, last 30 days, etc)!
  • Custom Post-type support - Want to show other stuff than just posts and pages, eg. Popular Products? You can!
  • Thumbnails! - Display a thumbnail of your posts! (see the FAQ section for more details.)
  • Statistics dashboard - See how your popular posts are doing directly from your admin area.
  • Sorting options - Order your popular list by comments, views (default) or average views per day!
  • Custom themes - Out of the box, WordPress Popular Posts includes some themes so you can style your popular posts list (see Widget Themes for more details).
  • Use your own layout! - WPP is flexible enough to let you customize the look and feel of your popular posts! (see customizing WPP’s HTML markup and How to style WordPress Popular Posts for more.)
  • Advanced caching features! - WordPress Popular Posts includes a few options to make sure your site’s performance stays as good as ever! (see Performance for more details.)
  • REST API Support - Embed your popular posts in your (web) app! (see REST API Endpoints for more.)
  • Disqus support - Sort your popular posts by Disqus comments count!
  • Polylang & WPML 3.2+ support - Show the translated version of your popular posts!
  • WordPress Multisite support - Each site on the network can have its own popular posts list!
  • Shortcode support - Use the [wpp] shortcode to showcase your most popular posts on pages, too! For usage and instructions, please refer to the Usage section.
  • Template tags - Don’t feel like using widgets? No problem! You can still embed your most popular entries on your theme using the wpp_get_mostpopular() template tag. Additionally, the wpp_get_views() template tag allows you to retrieve the views count for a particular post. For usage and instructions, please refer to the Usage section.
  • Localization - Translate WPP into your own language.
  • WP-PostRatings support - Show your visitors how your readers are rating your posts!

Looking for a Recent Posts widget just as feature-packed as WordPress Popular Posts? Try Recently!

Requirements

  • WordPress 5.3 or newer.
  • PHP 7.2 or newer.
  • Mbstring PHP Extension.
  • Since WordPress Popular Posts writes constantly to the database to keep track of page views, InnoDB support is required.

Installation

Automatic installation

  1. Log in to your WordPress dashboard.
  2. Go to Plugins > Add New.
  3. In the “Search Plugins” field, type in WordPress Popular Posts and hit Enter.
  4. Find the plugin in the search results list and click on the “Install Now” button.

Manual installation

  1. Download the plugin and extract its contents.
  2. Upload the wordpress-popular-posts folder to the /wp-content/plugins/ directory.
  3. Activate the WordPress Popular Posts plugin through the “Plugins” menu in WordPress.

Done! What’s next?

  1. Go to Appearance > Widgets, drag and drop the WordPress Popular Posts widget to your sidebar. Once you’re done configuring it, hit the Save button.
  2. If you have a caching plugin installed on your site, flush its cache now so WPP can start tracking your site.
  3. If you have a plugin that minifies JavaScript (JS) installed on your site please read this FAQ: Is WordPress Popular Posts compatible with plugins that minify/bundle JavaScript code?
  4. If you have a security / firewall plugin installed on your site, make sure you allow WPP access to the REST API so it can start tracking your site.
  5. Go to Appearance > Editor. Under "Templates", click on header.php and make sure that the <?php wp_head(); ?> tag is present (should be right before the closing </head> tag).
  6. (Optional but highly recommended) Are you running a medium/high traffic site? If so, it might be a good idea to check these suggestions to make sure your site’s performance stays up to par.

That’s it!

Usage

WPP can be used as a WordPress Widget, which means you can place it on any of your theme’s sidebars (and it even supports multiple instances!) However, you can also embed it directly in posts / pages by using the WordPress Popular Posts block or via shortcode; or anywhere on your theme using the wpp_get_mostpopular() template tag.

… and there’s even more on the Wiki section, so make sure to stop by!

Support

Before submitting an issue, please:

  1. Read the documentation, it’s there for a reason. Links: Requirements | Installation | Wiki | Frequently asked questions.
  2. If it’s a bug, please check the issue tracker first to make sure no one has reported it already.

When submitting an issue, please make sure to include the following:

  1. WordPress version.
  2. WPP version.
  3. Are you using the widget or the shortcode/template tag?
  4. Describe what the issue is (include steps to reproduce it, if necessary).

Contributing

  • If you’d like to support my work and efforts in creating and maintaining more open source projects, your donations and messages of support mean a lot! Ko-fi | Buy me a coffee | PayPal Me
  • If you have any ideas/suggestions/bug reports, and if there’s not an issue filed for it already (see issue tracker), please create an issue so I can keep track of it.
  • Developers can send pull requests to suggest fixes / improvements to the source.
  • Want to translate WPP into your language or update a current translation? Check if it’s already supported or download this POT file to translate the strings (see I want to translate your plugin into my language / help you update a translation. What do I need to do? for more).

License

GNU General Public License version 2 or later

Copyright © 2008-2022 Héctor Cabrera - https://cabrerahector.com

The WordPress Popular Posts plugin is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

The WordPress Popular Posts plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with the WordPress Popular Posts plugin; if not, see http://www.gnu.org/licenses.
