PT-2018-10682 · Multidots · Mass Pages/Posts Creator
Published: 2018-05-31 · Updated: 2018-07-05 · CVE-2018-11580
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MULTIDOTS Mass Pages/Posts Creator plugin version 1.2.2
Description
An issue in the mass-pages-posts-creator.php file allows any logged-in user to launch Mass Pages/Posts creation with custom content. The lack of a nonce or user capability check enables anyone to potentially launch a Denial of Service (DoS) attack against a site by creating a large number of posts with custom content.
Recommendations
For version 1.2.2, consider disabling the Mass Pages/Posts creation feature until a patch is available to prevent potential DoS attacks. Restrict access to the mass-pages-posts-creator.php file to minimize the risk of exploitation. Avoid allowing custom content creation for low-privileged users to reduce the impact of this issue.
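One way a bulk-creation handler can apply the capability check and nonce verification that the description says are missing, shown as an added example that is not the plugin's own code. The action name `example_mass_create`, the `nonce`, `titles` and `content` field names, the `publish_pages` capability choice and the per-request cap are assumptions; the snippet assumes it is loaded inside WordPress as part of a plugin.

```php
<?php
// Added example: hypothetical handler, not code from Mass Pages/Posts Creator.
// Assumes it runs inside WordPress (all called functions are WordPress core APIs).

const EXAMPLE_MAX_POSTS_PER_REQUEST = 50; // assumed cap; tune per site

add_action( 'wp_ajax_example_mass_create', 'example_mass_create_handler' );

function example_mass_create_handler() {
    // 1. Capability check: a low-privileged login is not enough to bulk-create.
    if ( ! current_user_can( 'publish_pages' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // 2. Nonce check: rejects requests that do not carry a token issued to
    //    this user for this action. Terminates with 403 on failure.
    check_ajax_referer( 'example_mass_create', 'nonce' );

    // 3. Bound the work one request can trigger.
    $titles = isset( $_POST['titles'] ) ? (array) wp_unslash( $_POST['titles'] ) : array();
    $titles = array_filter( array_map( 'sanitize_text_field', $titles ) );
    if ( count( $titles ) > EXAMPLE_MAX_POSTS_PER_REQUEST ) {
        wp_send_json_error( 'Too many posts requested.', 400 );
    }

    // 4. Pass the custom content through the post-content HTML allowlist.
    $content = isset( $_POST['content'] ) ? wp_kses_post( wp_unslash( $_POST['content'] ) ) : '';

    $created = array();
    foreach ( $titles as $title ) {
        $id = wp_insert_post(
            array(
                'post_type'    => 'page',
                'post_status'  => 'draft',
                'post_title'   => $title,
                'post_content' => $content,
            ),
            true // return WP_Error instead of 0 on failure
        );
        if ( ! is_wp_error( $id ) ) {
            $created[] = $id;
        }
    }
    wp_send_json_success( array( 'created' => $created ) );
}
```

The admin form that submits to this handler would include a matching token generated with `wp_create_nonce( 'example_mass_create' )`.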
Exploit
Fix
DoS
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mass Pages/Posts Creator