Medium 6.5
2025-05-07< 4.1.1
CVE-2025-47509
WebberZone Top 10 — Popular Posts
Minimum safe version
4.1.1
Update to 4.1.1 or later to address 22 fixable vulnerabilities
Latest available4.2.3 ✓
Medium 4.3
2023-11-09< 3.3.3
CVE-2023-47238
N/A
2023-11-03< 3.3.3
Top 10 <= 3.3.2 - Cross-Site Request Forgery via edit_count_ajax
Medium 4.3
2023-07-12< 2.9.5
CVE-2020-36761
N/A
2023-06-07< 2.9.5
CVE-2021-4342
N/A
2023-02-24< 3.2.5
WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Broken Access Control
Medium 5.9
2023-03-23< 3.2.5
CVE-2023-26008
N/A
2023-02-22< 3.2.5
Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting
N/A
2023-02-22< 3.2.5
Top 10 – Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data
Medium 4.3
2024-12-09< 3.2.4
CVE-2023-25993
N/A
2023-02-20< 3.2.4
Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache
N/A
2023-02-20< 3.2.4
Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache
N/A
2016-07-15< 2.3.1
Top 10 – Popular posts plugin for WordPress < 2.3.1 - Cross-Site Scripting
Medium 5.4
2023-01-23< 3.2.3
CVE-2022-4570
N/A
2017-12-13< 2.4.4
Top 10 – Popular posts plugin for WordPress <= 2.4.3 - SQL Injection
N/A
< 2.3.1
Top 10 <= 2.3.0 - Cross-Site Scripting (XSS)
N/A
< 2.4.4
Top 10 <= 2.4.3 - Authenticated SQL Injection
N/A
< 2.9.5
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
N/A
2015-05-15< 1.9.3
WordPress Top 10 Plugin <= 1.9.2 - Cross Site Request Forgery
N/A
2016-07-14< 2.3.1
WordPress Top 10 Plugin <= 2.3.0 - Cross Site Scripting
N/A
2017-12-20< 2.4.4
WordPress Top 10 plugin <=2.4.3 - Authenticated SQL Injection (SQLi) vulnerability
N/A
2020-09-16< 2.9.5
WordPress Top 10 plugin <= 2.9.4 - Cross-Site Request Forgery (CSRF) vulnerability