WordPress Plugin Vulnerabilities

WP Dummy Content Generator < 3.3.0 - Unauthenticated Code Injection

Description

The WP Dummy Content Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 3.3.0 (exclusive). This makes it possible for unauthenticated attackers to execute code on the server.

Affects Plugins

Plugin icon
wp-dummy-content-generator
Fixed in 3.3.0

References

CVE
CVE-2024-32599
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2bda5d0-9589-4925-baa6-6e207e6fc978

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
10 (critical)

Miscellaneous

Original Researcher
beluga
Verified
No
WPVDB ID
0431a8be-a671-4302-a6e0-98744eabd3b2

Timeline

Publicly Published
2024-04-16 (about 2 years ago)
Added
2024-04-23 (about 2 years ago)
Last Updated
2024-04-23 (about 2 years ago)

Other

Published
Title
Published
2025-05-07
Title
Ultimate Member <= 2.10.3 - Admin+ Arbitrary Function Call
Published
2021-05-25
Title
SP Project & Document Manager < 4.22 - Authenticated Shell Upload
Published
2014-05-11
Title
Formidable Forms Pro < 1.06.03 - Arbitrary File Upload via ofc_upload_image.php
Published
2026-01-08
Title
User Registration < 5.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2024-12-11
Title
Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category