19 matches found
EUVD-2023-38077
Malicious code in bioql PyPI...
CVE-2024-30235
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...
CVE-2023-2608
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...
CVE-2023-2607
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
PT-2024-38338 · WordPress · Mpg Plugin
Name of the Vulnerable Software and Affected Versions: The Multiple Page Generator Plugin – MPG plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functions intended for admin use,...
WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control
Software: MPG; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7424; Patch priority: Low; CVSS severity: Low (5.4); PSID: 61dc998feee8; Credits: Rafshanzani Suhada; Required privilege...
CVE-2024-47325
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7...
CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2024-30235
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2024-30235
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...
PT-2023-24574 · WordPress · Multiple Page Generator Plugin
Name of the Vulnerable Software and Affected Versions: Multiple Page Generator Plugin – MPG versions 3.3.19 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
CVE-2023-2607
The CVE-2023-2607 vulnerability affects the WordPress plugin Multiple Page Generator (MPG). It is a time-based SQL Injection caused by insufficient escaping of user-supplied values in the orderby/order parameters, exploitable by authenticated administrators to append SQL fragments and potentially...
CVE-2023-2608
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...
PT-2023-15189 · Themeisle · Themeisle Multiple Page Generator Plugin
Name of the Vulnerable Software and Affected Versions: Themeisle Multiple Page Generator Plugin - MPG plugin versions = 3.3.9 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...