cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10672,https://securityvulnerability.io/vulnerability/CVE-2024-10672,Attackers May Delete Limited Files on Server via Sufficient File Path Validation Flaw,"The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server.",Wordpress,Multiple Page Generator Plugin – Mpg,2.7,LOW,0.000750000006519258,false,,false,false,false,,false,false,2024-11-12T03:24:58.158Z,0
CVE-2024-7424,https://securityvulnerability.io/vulnerability/CVE-2024-7424,Unauthorized Data Modification and Access in MPG Plugin for WordPress,"The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects.",Wordpress,Multiple Page Generator Plugin – Mpg,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2024-11-01T07:33:29.575Z,0
CVE-2023-2607,https://securityvulnerability.io/vulnerability/CVE-2023-2607,SQL Injection Vulnerability in Multiple Page Generator Plugin for WordPress,"The Multiple Page Generator Plugin for WordPress exhibits a SQL Injection vulnerability due to inadequate parameter escaping and lack of preparation for SQL queries. This flaw allows authenticated users with administrator rights to inject additional SQL statements into existing queries, potentially leading to the unauthorized extraction of sensitive database information.",Wordpress,Multiple Page Generator Plugin – Mpg,7.2,HIGH,0.0017999999690800905,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2023-2608,https://securityvulnerability.io/vulnerability/CVE-2023-2608,Cross-Site Request Forgery Vulnerability in Multiple Page Generator Plugin for WordPress,"The Multiple Page Generator Plugin for WordPress is susceptible to Cross-Site Request Forgery, enabling attackers to execute time-based SQL Injection. This vulnerability arises due to the absence of nonce verification in the projects_list function and inadequacies in escaping user-supplied parameters. Attackers can exploit this by crafting deceptive links that, when clicked by an administrator, could lead to unauthorized SQL queries being appended to legitimate queries. This not only threatens data integrity but could also result in resource exhaustion. A patch in version 3.3.18 addresses these security issues, significantly mitigating associated risks.",Wordpress,Multiple Page Generator Plugin – MPG,4.3,MEDIUM,0.00139999995008111,false,,false,false,false,,false,false,2023-05-17T02:15:00.000Z,0