CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23660 – WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-23660
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. The MainWP Maintenance Extension for WordPress are vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/articles/multiple-vulnerabilities-affecting-mainwp-extensions?_s_id=cve https://patchstack.com/database/vulnerability/mainwp-maintenance-extension/wordpress-mainwp-maintenance-extension-plugin-4-1-1-subscriber-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23746 – MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2023-23746
The MainWP WordPress SEO Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.1, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23640 – WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability
https://notcve.org/view.php?id=CVE-2023-23640
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6. Vulnerabilidad de autorización faltante en MainWP MainWP UpdraftPlus Extension. Este problema afecta a MainWP UpdraftPlus Extension: desde n/a hasta 4.0.6. The MainWP UpdraftPlus Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.6, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • https://patchstack.com/database/vulnerability/mainwp-updraftplus-extension/wordpress-mainwp-updraftplus-extension-plugin-4-0-6-subscriber-arbitrary-plugin-activation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23747 – MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2023-23747
The MainWP Buddy Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23639 – WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability
https://notcve.org/view.php?id=CVE-2023-23639
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3. Vulnerabilidad de autorización faltante en MainWP MainWP Staging Extension. Este problema afecta a MainWP Staging Extension: desde n/a hasta 4.0.3. The MainWP Staging Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.3, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • https://patchstack.com/database/vulnerability/mainwp-staging-extension/wordpress-mainwp-staging-extension-plugin-4-0-3-subscriber-arbitrary-plugin-activation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •