EUVD-2024-33592

Malicious code in bioql PyPI...

CVE-2022-47143

Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin = 3.3.9 versions...

WordPress MPG plugin <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion vulnerability

Authenticated Editor+ Directory Traversal to Limited File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin MPG versions = 4.0.2...

WordPress MPG Plugin <= 4.0.2 is vulnerable to Path Traversal

Software MPG Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-10672 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 3c7693c48068 Credits Arkadiusz Hydzik Required privilege Editor...

CVE-2024-7424

CVE-2024-7424 affects the WordPress plugin Multiple Page Generator Plugin (MPG) . The issue is a missing capability check on several functions that are admin-only, enabling authenticated users with Subscriber-level access and above to invoke admin functions, leading to unauthorized modification o...

WordPress Multiple Page Generator Plugin – MPG plugin <= 4.0.1 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Rafshanzani Suhada in WordPress Plugin MPG versions = 4.0.1...

WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61dc998feee8 Credits Rafshanzani Suhada Required privilege...

CVE-2024-47325

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through = 3.4.7...

CVE-2024-47325 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through = 3.4.7...

CVE-2024-47325 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7...

WordPress MPG Plugin <= 3.4.7 is vulnerable to SQL Injection

Software MPG Type Plugin Vulnerable versions = 3.4.7 Fixed in 3.4.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47325 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID dadad62ef9dd Credits LVT-tholv2k Required privilege Contributor Published 25...

CVE-2024-31301 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-31301 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 018dc38017d4 Credits Majed Refaea Required privilege...

CVE-2024-27951

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

CVE-2024-27951

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

CVE-2024-30235 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

CVE-2024-30235 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cea17ebc47f Credits Majed Refaea Required privilege Subscribe...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Remote Code Execution (RCE)

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27951 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e11792cbc705 Credits Majed Refaea Required privilege Editor...

CVE-2023-33927

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...