CVE-2023-3132 – MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files
https://notcve.org/view.php?id=CVE-2023-3132
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data, including the installation's entire database, if a backup occurs and the deletion of the back-up files fails.
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2923512%40mainwp-child&new=2923512%40mainwp-child&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-23645 – WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-23645
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. The MainWP Code Snippets Extension for WordPress is vulnerable to code injection in versions up to, and including, 4.0.2. This makes it possible for attackers with subscriber-level privileges or higher to execute arbitrary code via the plugin.
• https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-23663 – MainWP Comments Extension <= 4.0.6 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-23663
The MainWP Comments Extension plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 4.0.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete, approve or restore comments.
• CWE-862: Missing Authorization
CVE-2023-23649 – WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-23649
Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension. This issue affects MainWP Links Manager Extension: from n/a through 2.1. The MainWP Links Manager Extension plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object.
• https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve
• CWE-502: Deserialization of Untrusted Data
CVE-2023-23656 – WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-23656
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1. The MainWP File Uploader Extension for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 4.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
• https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type