CVE-2018-11580 - OpenCVE

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Multidots	Mass Pages\/posts Creator

Configuration 1 [-]

cpe:2.3:a:multidots:mass_pages\/posts_creator:1.2.2:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://labs.threatpress.com/mass-pages-posts-creator/
https://wordpress.org/plugins/mass-pagesposts-creator/#developers

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-31T01:00:00Z

Updated: 2024-09-16T17:03:43.834Z

Reserved: 2018-05-30T00:00:00Z

Link: CVE-2018-11580

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-31T01:29:02.470

Modified: 2018-07-05T16:57:58.403

Link: CVE-2018-11580

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-31T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/mass-pagesposts-creator/#developers"}, {"tags": ["x_refsource_MISC"], "url": "http://labs.threatpress.com/mass-pages-posts-creator/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11580", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/mass-pagesposts-creator/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/mass-pagesposts-creator/#developers"}, {"name": "http://labs.threatpress.com/mass-pages-posts-creator/", "refsource": "MISC", "url": "http://labs.threatpress.com/mass-pages-posts-creator/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:10:14.636Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/mass-pagesposts-creator/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://labs.threatpress.com/mass-pages-posts-creator/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11580", "datePublished": "2018-05-31T01:00:00Z", "dateReserved": "2018-05-30T00:00:00Z", "dateUpdated": "2024-09-16T17:03:43.834Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:multidots:mass_pages\\/posts_creator:1.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C1A72FBA-6E7A-4E35-8A70-C01E6715D107", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content."}, {"lang": "es", "value": "Se ha descubierto un problema en mass-pages-posts-creator.php en el plugin MULTIDOTS Mass Pages/Posts Creator 1.2.2 para WordPress. Cualquier usuario que haya iniciado sesi\u00f3n puede iniciar la creaci\u00f3n Mass Pages/Posts con contenido personalizado. No hay comprobaciones de nonce o de capacidades de usuario, por lo que cualquiera puede lanzar un ataque de denegaci\u00f3n de servicio (DoS) contra un sitio y crear cientos de miles de publicaciones con contenido personalizado."}], "id": "CVE-2018-11580", "lastModified": "2018-07-05T16:57:58.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T01:29:02.470", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://labs.threatpress.com/mass-pages-posts-creator/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wordpress.org/plugins/mass-pagesposts-creator/#developers"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}