Severe vulnerability in WordPress Popular Posts Plugin


A vulnerability has been disclosed that allows attacks on WordPress sites running the WordPress Popular Posts plugin. The attack does not require a user account. WordPress Popular Posts is installed on more than 100,000 websites, displays the most popular posts for any period of time, and has been translated into sixteen different languages to expand its use around the world.
“The WordPress Popular Posts Plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing properly validate a value before running do_shortcode.”
🚀 Shortcodes are a feature that lets users add functionality to a web page by inserting a predetermined snippet in square brackets that automatically inserts a script that performs a function, for example adding a contact form with the code [Add_Contact_Form]. Over time, WordPress has been gradually moving away from shortcodes in favor of blocks with specific features. The official WordPress developer site encourages plugin and theme authors to stop using shortcodes in favor of dedicated blocks, mainly because selecting and inserting a block is a smoother workflow for the user than configuring the shortcode in the plugin and then manually inserting it on the web page.
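As an added illustration of the validation the advisory text refers to (this is not the plugin's code; the handler, action and shortcode names prefixed `example_` are hypothetical), a WordPress request handler can restrict what reaches `do_shortcode()` like this:

```php
<?php
/**
 * Hypothetical AJAX handler (not the plugin's code) that renders a shortcode
 * chosen by the request. All names prefixed "example_" are assumptions.
 */

// Unsafe pattern, shown for contrast and never registered: request data goes
// straight into do_shortcode(), so any registered shortcode can be run by
// whoever can reach the endpoint.
function example_render_unsafe() {
    echo do_shortcode( wp_unslash( $_POST['content'] ?? '' ) );
    wp_die();
}

// Hardened pattern: the request only selects a tag from a fixed allowlist;
// the shortcode string is rebuilt server-side from validated values.
function example_render_safe() {
    $allowed = array( 'example_popular_list' ); // hypothetical shortcode tag

    $tag = sanitize_key( wp_unslash( $_POST['tag'] ?? '' ) );
    if ( ! in_array( $tag, $allowed, true ) || ! shortcode_exists( $tag ) ) {
        wp_send_json_error( 'Shortcode not allowed', 400 ); // exits here
    }

    // Accept only a bounded integer attribute; raw strings never pass through.
    $limit = min( 20, max( 1, absint( $_POST['limit'] ?? 5 ) ) );

    $html = do_shortcode( sprintf( '[%s limit="%d"]', $tag, $limit ) );
    wp_send_json_success( array( 'html' => wp_kses_post( $html ) ) );
}

// nopriv hooks are reachable without a login, so validation is the only gate.
add_action( 'wp_ajax_nopriv_example_render', 'example_render_safe' );
add_action( 'wp_ajax_example_render', 'example_render_safe' );
```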
- 📌 The vulnerability is in the WordPress Popular Posts plugin
- 📌 The attack can be made without a user account
- 📌 WordPress recommends replacing shortcodes with blocks
What versions of WordPress Popular Posts are vulnerable?
All versions of the plugin up to and including 7.1.0.
What is the recommended way to solve the problem?
It is recommended to update the plugin to the latest version 7.2.0.
Does the attack require a user account?
No, the attack can be made without a user account.
This article was generated using AI based on the source material listed below, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/wordpress-popular-posts-plugin-vulnerability-affects-100k-sites/536704/