WordPress Mass Pages/Posts Creator Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Mass Pages/Posts Creator Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e259a062e790 Credits Rafie Muhammad Patchsta...

WordPress Mass Pages/Posts Creator plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Mass Pages/Posts Creator plugin versions = 2.1.4. Solution Update the WordPress Mass Pages/Posts Creator plugin to the latest available version at least 2.1.5...

WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability

Stored Cross-Site scripting XSS vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions = 1.2.2. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

Design/Logic Flaw

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...