3 matches found
CVE-2023-23660
Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...
CVE-2023-23660
MainWP Maintenance Extension for WordPress is affected up to version 4.1.1 with an authenticated (subscriber) SQL Injection vulnerability. The root cause is a SQLi in the plugin that can be triggered by a subscriber. Fixed in version 4.1.2; upgrade to mitigate. Patchstack also lists high risk (CV...
WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection
Software MainWP Maintenance Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9ddad2ceeae4 Credits Dave Jong Patchstack Required...