Sensitive Information Exposure in MainWP Child Plugin for WordPress
CVE-2023-3132

5.9 MEDIUM

What is CVE-2023-3132?

The MainWP Child plugin for WordPress is vulnerable to sensitive information exposure because of inadequate controls on the storage of backup files. In versions up to 4.4.1.1, an unauthenticated user can potentially extract sensitive data, including the installation's entire database, if a backup occurs and the subsequent deletion of the backup files fails. Proper security measures should be implemented to safeguard sensitive information from unauthorized access.

Affected Version(s)

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites: versions 0 through 4.4.1.1 (<= 4.4.1.1)

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Robert Lockwood