WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability
CVE-2024-27951

7.2HIGH

Key Information:

Vendor: WordPress
Status: Multiple Page Generator Plugin – Mpg
Vendor: CVE Published:; 3 April 2024

Summary

The Multiple Page Generator Plugin by Themeisle is susceptible to an unrestricted upload of files with potentially dangerous types. This vulnerability allows attackers to upload malicious files, such as web shells, to the web server, which can lead to unauthorized access and control over the affected server. The issue affects all versions of the plugin up to 3.4.0, posing significant risks for users who have not updated to secure versions. Awareness of this vulnerability and timely remediation are critical to maintaining the integrity and security of web applications employing this plugin.

Affected Version(s)

Multiple Page Generator Plugin – MPG <= 3.4.0

References

https://patchstack.com/database/vulnerability/multiple-pa...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024

Credit

Majed Refaea (Patchstack Alliance)