Vulnerabilities > Themeisle > Multiple Page Generator > 3.4.8

DATE CVE VULNERABILITY TITLE RISK
2025-01-26 CVE-2024-10705 Server-Side Request Forgery (SSRF) vulnerability in Themeisle multiple Page Generator
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function.
network
low complexity
themeisle CWE-918
8.1
8.1
2024-11-12 CVE-2024-10672 Path Traversal vulnerability in Themeisle multiple Page Generator
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2.
network
low complexity
themeisle CWE-22
2.7
2.7