CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47325 – WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-47325
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31301 – WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Themeisle Multiple Page Generator Plugin – MPG. Este problema afecta al complemento generador de páginas múltiples – MPG: desde n/a hasta 3.4.0. The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the delete_project action. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30235 – WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30235
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. Vulnerabilidad de autorización faltante en el complemento generador de páginas múltiples de Themeisle – MPG. Este problema afecta al complemento generador de páginas múltiples – MPG: desde n/a hasta 3.4.0. The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mpg_get_log_by_project_id' function in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to view project logs. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27951 – WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27951
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Themeisle Multiple Page Generator Plugin – MPG permite cargar un Shell web a un servidor web. Este problema afecta al complemento generador de páginas múltiples – MPG: desde n/a hasta 3.4.0. The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-3-4-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •