WordPress Plugin Vulnerabilities

Multiple Page Generator – MPG < 3.3.20 - SQL Injection

Description

The plugin does not properly neutralize special elements used in an SQL command, leading to a potential SQL Injection vulnerability.

Affects Plugins

Plugin icon
multiple-pages-generator-by-porthas
Fixed in 3.3.20

References

CVE
CVE-2023-33927
URL
https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-3-19-sql-injection-vulnerability

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
09ec22bd-453a-430e-94ab-f5bdc42e7ac0

Timeline

Publicly Published
2023-05-23 (about 11 months ago)
Added
2023-11-03 (about 6 months ago)
Last Updated
2023-11-03 (about 6 months ago)

Other

Published
Title
Published
2021-06-29
Title
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
Published
2024-04-05
Title
LearnPress Export Import < 4.0.4 - Authenticated (Administrator+) SQL Injection
Published
2022-03-29
Title
5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi
Published
2023-12-21
Title
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.6 - Authenticated (Admin+) SQL Injection
Published
2021-11-15
Title
SEO Booster < 3.8 - Admin+ SQL Injection