PT-2018-10682 · Multidots · Mass Pages/Posts Creator

Published: 2018-05-31 · Updated: 2018-07-05 · CVE-2018-11580

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
MULTIDOTS Mass Pages/Posts Creator plugin version 1.2.2

Description
An issue in the mass-pages-posts-creator.php file allows any logged-in user to launch Mass Pages/Posts creation with custom content. Because there is no nonce or user capability check, anyone can potentially launch a Denial of Service (DoS) attack against a site by creating a large number of posts with custom content.

Recommendations
For version 1.2.2, consider disabling the Mass Pages/Posts creation feature until a patch is available to prevent potential DoS attacks. Restrict access to the mass-pages-posts-creator.php file to minimize the risk of exploitation. Avoid allowing custom content creation for low-privileged users to reduce the impact of this issue.
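
A request handler for a bulk-creation feature with the two missing checks in place, as an added example that is not the plugin's own code. The action name `mpc_bulk_create`, the nonce name, the function name, the `type`, `titles` and `content` parameters and the per-request cap are assumptions; the WordPress functions called are core APIs.

```php
<?php
// Added example: hypothetical handler, not code from Mass Pages/Posts Creator.
// Assumed names: action 'mpc_bulk_create', nonce action 'mpc_bulk_create_nonce',
// request fields 'nonce', 'type', 'titles', 'content', and MPC_MAX_PER_REQUEST.
define( 'MPC_MAX_PER_REQUEST', 50 ); // assumed upper bound on items per request

// Register only the authenticated hook; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_mpc_bulk_create', 'mpc_handle_bulk_create' );

function mpc_handle_bulk_create() {
    // 1. Nonce check: the request must carry a token issued to this user's session.
    //    check_ajax_referer() stops the request with a 403 when the nonce is invalid.
    check_ajax_referer( 'mpc_bulk_create_nonce', 'nonce' );

    // 2. Capability check: being logged in is not enough to publish content.
    $type = ( isset( $_POST['type'] ) && 'page' === $_POST['type'] ) ? 'page' : 'post';
    $cap  = ( 'page' === $type ) ? 'publish_pages' : 'publish_posts';
    if ( ! current_user_can( $cap ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Bound the work one request can trigger (limits the DoS impact).
    $titles = isset( $_POST['titles'] ) ? (array) wp_unslash( $_POST['titles'] ) : array();
    $titles = array_filter( array_map( 'sanitize_text_field', $titles ) );
    if ( count( $titles ) > MPC_MAX_PER_REQUEST ) {
        wp_send_json_error( array( 'message' => 'Too many items in one request.' ), 400 );
    }

    // 4. Filter the custom content down to the HTML allowed in post bodies.
    $content = isset( $_POST['content'] ) ? wp_kses_post( wp_unslash( $_POST['content'] ) ) : '';

    $created = array();
    foreach ( $titles as $title ) {
        // wp_insert_post() expects slashed data, hence wp_slash().
        $id = wp_insert_post( wp_slash( array(
            'post_type'    => $type,
            'post_title'   => $title,
            'post_content' => $content,
            'post_status'  => 'draft', // created items wait for review
        ) ), true );
        if ( ! is_wp_error( $id ) ) {
            $created[] = $id;
        }
    }
    wp_send_json_success( array( 'created' => $created ) );
}
```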

Exploit

Fix

DoS

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-11580

Affected Products

Mass Pages/Posts Creator