Server-Side Request Forgery Vulnerability in Multiple Page Generator Plugin for WordPress
CVE-2024-10705
8.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 January 2025
What is CVE-2024-10705?
The Multiple Page Generator Plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 4.0.5. This flaw allows authenticated attackers with editor-level access or higher to initiate web requests to arbitrary internal services from the web application. As a result, malicious users can exploit this vulnerability to query and potentially alter sensitive information, posing significant security risks to affected systems.
Affected Version(s)
Multiple Page Generator Plugin – MPG * <= 4.0.5