Lucene search

PatchstackVULNRICHMENT:CVE-2023-33927

HistoryOct 31, 2023 - 2:12 p.m.

CVE-2023-33927 WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection

2023-10-3114:12:51

CWE-89

Patchstack

github.com

wordpress

mpg plugin

sql injection

vulnerability

themeisle

AI Score

9.9

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:themeisle:multiple_page_generator:*:*:*:*:*:*:*:*"
    ],
    "vendor": "themeisle",
    "product": "multiple_page_generator",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.3.19"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-3-19-sql-injection-vulnerability?_s_id=cve