Unauthenticated DoS Attack Vulnerability in MULTIDOTS Mass Pages/Posts Creator Plugin for WordPress

Unauthenticated DoS Attack Vulnerability in MULTIDOTS Mass Pages/Posts Creator Plugin for WordPress

CVE-2018-11580 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.

Learn more about our Wordpress Pen Testing.