Skip to main content

Multiple Page Generator

7 CVEs product

Monthly

CVE-2024-10705 MEDIUM PATCH This Month

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Multiple Page Generator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10672 LOW PATCH Monitor

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Multiple Page Generator
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2024-31301 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multiple Page Generator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-27951 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin - MPG allows Upload a Web Shell to a Web Server.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple Page Generator
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-30235 MEDIUM This Month

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multiple Page Generator
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2607 HIGH PATCH This Week

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Multiple Page Generator
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-2608 LOW PATCH Monitor

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including,. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SQLi WordPress CSRF Denial Of Service Multiple Page Generator
NVD
CVSS 3.1
3.1
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Multiple Page Generator
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Multiple Page Generator
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multiple Page Generator
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin - MPG allows Upload a Web Shell to a Web Server.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple Page Generator
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multiple Page Generator
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Multiple Page Generator
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including,. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SQLi WordPress CSRF +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy