70 matches found
CVE-2023-33329
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions...
CVE-2023-33329 WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions...
CVE-2023-35038
Summary (CVE-2023-35038) Cross-Site Request Forgery (CSRF) in the WordPress plugin WP PDF Generator (wpexperts.Io) versions
CVE-2023-35038 WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions...
WordPress Plugin Float menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
CVE-2023-2607
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-31233
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin = 1.0.2 versions...
CVE-2023-31233
CVE-2023-31233 affects the Baidu Tongji generator WordPress plugin (
CVE-2022-47143
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions...
CVE-2022-47143
CVE-2022-47143 is a CSRF vulnerability in Themeisle’s MPG Plugin (WordPress) versions
CVE-2022-47143 WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions...
SUSE CVE-2016-6631
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...
CVE-2022-4321
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin...
CVE-2022-2100
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Page Generator Plugin < 1.6.6 - Arbitrary Keywords Deletion/Duplication via CSRF
The plugin does not have a CSRF check in place when deleting and duplicating keywords, which could allow attackers to make a logged-in admin delete and duplicate arbitrary keywords via CSRF attacks. https://example.com/wp-admin/admin.php?page=page-generator-keywords&cmd=delete&id=3...
Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Go to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...
WordPress Page Generator plugin <= 1.6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Bahl (eSec Forte Technologies Pvt Ltd) in WordPress Page Generator plugin versions <= 1.6.4. Solution: Update the WordPress Page Generator plugin to the latest available version (at least 1.6.5)...
Page Generator Plugin < 1.6.6 - Arbitrary Keywords Deletion/Duplication via CSRF
The plugin does not have a CSRF check in place when deleting and duplicating keywords, which could allow attackers to make a logged-in admin delete and duplicate arbitrary keywords via CSRF attacks. PoC: https://example.com/wp-admin/admin.php?page=page-generator-keywords&cmd=delete&id=3...