Primary

Context

WordPress Popular Posts Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

Patched

A vulnerability allowing unauthenticated users to execute arbitrary shortcodes has been identified in the WordPress Popular Posts plugin, affecting all versions through 7.1.0. The issue arises because the plugin does not properly validate input before processing shortcodes, allowing for unauthorized shortcode execution.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of shortcodes, which may be used to inject and execute malicious code or actions on behalf of the user.

Remediation

Users are advised to update the WordPress Popular Posts plugin to version 7.2.0 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

1.3

exploitability

9.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

1.3

exploitability

9.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Popular Posts Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WordPress Popular Posts

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating