PT-2025-1604 · WordPress · Multiple Page Generator Plugin

Arkadiusz Hydzik · Published 2025-01-26 · Updated 2025-01-26 · CVE-2024-10705

CVSS v3.1

8.1 High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Multiple Page Generator Plugin – MPG plugin for WordPress versions up to, and including, 4.0.5

Description

The issue allows authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application via the mpg download file by link function. This can be used to query and modify information from internal services.

Recommendations

For versions up to, and including, 4.0.5, consider disabling the mpg download file by link function as a temporary workaround until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation, ensuring only necessary personnel have editor-level access or above.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-10705

Affected Products

Multiple Page Generator Plugin