WordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL Injection
CVE-2023-38519

7.6HIGH

Key Information:

Vendor

Wordpress
Status
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Vendor
CVE Published:
20 December 2023

What is CVE-2023-38519?

The MainWP Dashboard, a plugin designed for managing multiple WordPress sites, is susceptible to an SQL injection vulnerability. This flaw occurs due to the improper handling of user-supplied data in SQL commands, potentially allowing attackers to execute arbitrary SQL queries against the database. This vulnerability affects versions from n/a up to 4.4.3.3, posing a significant risk to users managing multiple websites through this platform. It is crucial for users to update their installations to safeguard against potential attacks that could manipulate database information.

Affected Version(s)

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance <= 4.4.3.3

References

https://patchstack.com/database/vulnerability/mainwp/word...
vdb-entry

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YouGina (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.