Improper Control of Generation of Code ('Code Injection') vulnerability in WP Dummy Content Generator
CVE-2024-32599

10CRITICAL

Key Information:

Vendor: WordPress
Status: WP Dummy Content Generator
Vendor: CVE Published:; 18 April 2024

Summary

The WP Dummy Content Generator, developed by Deepak Anand, contains a code injection vulnerability that could allow for arbitrary code execution. This flaw affects all versions preceding 3.2.1, exposing systems to potential security breaches. Admins using this plugin should evaluate their installations urgently to mitigate risks associated with this exploit and apply any relevant patches or updates.

Affected Version(s)

WP Dummy Content Generator <= 3.2.1

References

https://patchstack.com/database/vulnerability/wp-dummy-co...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2024
Vulnerability Reserved
Apr 15, 2024

Credit

Yudistira Arya (Patchstack Alliance)