Code Injection Vulnerability in MainWP Code Snippets Extension
CVE-2023-23645

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: MainWP Code Snippets Extension
Vendor: CVE Published:; 17 May 2024

Summary

An improper control of code generation vulnerability exists in the MainWP Code Snippets Extension, which could allow unauthorized actors to execute arbitrary PHP code and potentially compromise the security of WordPress sites. The vulnerability affects versions of MainWP Code Snippets Extension from n/a through 4.0.2, emphasizing a need for prompt updates to mitigate risks associated with code injection exploitation.

Affected Version(s)

MainWP Code Snippets Extension <= 4.0.2

References

https://patchstack.com/database/vulnerability/mainwp-code...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jan 17, 2023

Credit

Dave Jong (Patchstack)