CVE-2021-36872


WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].



We have discovered 152 live websites that are affected by CVE-2021-36872.





Affected Software

Product: WordPress Popular Posts
Category: WordPress Plugins
Vulnerable Versions:
  • from 5.3.3 through 5.3.3
Total Vulnerable Versions: 81
Vulnerable Domains: 152 live websites (0.69% of WordPress Popular Posts install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Jul 4, 2021
  • Updated - Sep 23, 2021

Credits

  • Original researcher - Vlad Visse (Patchstack Red Team)





Countries

United States: 35 websites
Japan: 66 websites
Poland: 5 websites
GB: 4 websites
Spain: 3 websites
France: 3 websites
Indonesia: 3 websites
Germany: 2 websites
Greece: 2 websites

TLDs

.com: 82 websites
.jp: 14 websites
.net: 14 websites
.org: 5 websites
.co.jp: 3 websites
.es: 3 websites
.pl: 3 websites
.be: 1 website
.com.au: 1 website
.de: 1 website
