Deserialization of Untrusted Data Vulnerability Affects MainWP Links Manager Extension
CVE-2023-23649

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 28 March 2024

What is CVE-2023-23649?

The MainWP Links Manager Extension deserializes untrusted data. An attacker can exploit this flaw to perform PHP object injection, which can lead to unauthorized actions within the system. The issue affects WordPress installations running the extension in versions through 2.1.

Affected Version(s)

MainWP Links Manager Extension <= 2.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dave Jong (Patchstack)