The plugin does not have a CSRF check in the projects_list function, and does not escape the orderly & order parameters before using them in a SQL statement. This could allow attackers to make logged-in administrators perform SQL injection, leading to DoS, via a CSRF attack.
CPE

Name | Operator | Version |
---|---|---|
multiple-pages-generator-by-porthas | lt | 3.3.18 |
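Both gaps described above, closed in one handler: an added example, not the plugin's own code. The function names, nonce action, table and columns are hypothetical, and the request keys `orderby`/`order` are assumed from the WordPress list-table convention.

```php
<?php
// Added example: hypothetical names throughout, not the plugin's code.
const EXAMPLE_SORTABLE = ['id' => 'id', 'name' => 'name', 'created' => 'created_at'];

/** Map untrusted sort parameters onto a fixed set of SQL fragments. */
function example_order_clause(array $query): string
{
    $key = is_string($query['orderby'] ?? null) ? strtolower($query['orderby']) : '';
    $dir = is_string($query['order'] ?? null) ? strtoupper($query['order']) : '';

    // Identifiers and keywords cannot be bound as placeholders, so they are
    // never copied from the request: the request only selects a known value.
    $column    = EXAMPLE_SORTABLE[$key] ?? 'id';
    $direction = $dir === 'DESC' ? 'DESC' : 'ASC';

    return "ORDER BY `{$column}` {$direction}";
}

/** WordPress admin handler: reject forged or unauthorised requests before any SQL runs. */
function example_projects_list(): array
{
    global $wpdb;

    // Dies unless the request carries a valid nonce for this action (CSRF check).
    check_admin_referer('example_projects_list', '_wpnonce');
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', ['response' => 403]);
    }

    $table = $wpdb->prefix . 'example_projects'; // hypothetical table
    $sql   = "SELECT id, name FROM `{$table}` " . example_order_clause($_GET);
    return $wpdb->get_results($sql, ARRAY_A);
}

// Constructed inputs; this part runs from the CLI without WordPress loaded.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    $samples = [
        ['orderby' => 'name', 'order' => 'desc'],          // allowed column and direction
        ['orderby' => 'name,(SELECT 1)', 'order' => 'x;'], // not allowlisted: falls back
        ['orderby' => ['x'], 'order' => null],             // wrong types: falls back
    ];
    foreach ($samples as $q) {
        echo example_order_clause($q), PHP_EOL;
    }
}
```

The link or form that reaches such a handler has to carry a nonce for the same action, for instance one generated with `wp_nonce_url()` or `wp_nonce_field()`.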