CVE-2023-33927

WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection

CVSS 7.6 HIGH | EPSS 0.7% | CWE-89
In short

The WordPress MPG plugin up to version 3.3.19 has a flaw that allows attackers to inject malicious SQL commands into the database. This can lead to unauthorized data access, modification, or deletion of website information.

Technical detail

The plugin fails to properly sanitize user input before constructing SQL queries, enabling unauthenticated or low-privileged attackers to inject arbitrary SQL commands. Exploitation typically requires the attacker to interact with vulnerable input fields exposed through the plugin's interface, potentially leading to information disclosure, data manipulation, or authentication bypass.

Summary generated and translated by AI from the official description.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
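
A local check for the affected range stated above, as an added example that is not part of the advisory or the plugin's own code. It assumes the default `wp-content/plugins` layout and reads the version from the plugin header the way WordPress does; the function names are hypothetical.

```python
import re
from pathlib import Path

SLUG = "multiple-pages-generator-by-porthas"  # plugin slug from the advisory
LAST_AFFECTED = (3, 3, 19)                     # "from n/a through 3.3.19"
# Header lines as WordPress matches them: optional comment prefix, then the key.
NAME = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION = re.compile(rb"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(text):
    """Turn '3.3.19' into (3, 3, 19); a '-suffix' is ignored.

    A string with no digits becomes (0, 0, 0), which is treated as affected.
    """
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(wp_root):
    """Return the plugin's version string, or None if it is not installed."""
    # Assumption: plugins live in the default directory (WP_PLUGIN_DIR unchanged).
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_bytes()[:8192]  # WordPress reads only the first 8 KB
        if NAME.search(head):
            match = VERSION.search(head)
            if match:
                return match.group(1).decode("ascii", "replace")
    return None


def check(wp_root):
    """Classify one install: 'not-installed', 'affected' or 'newer'."""
    version = installed_version(wp_root)
    if version is None:
        return "not-installed"
    return "affected" if parse_version(version) <= LAST_AFFECTED else "newer"


if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:  # one or more WordPress document roots
        print(root, check(root))
```

"newer" only means the installed version is above the affected range given here; the advisory text on this page does not name a fixed release.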
