2 results (0.002 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en MainWP MainWP Code Snippets Extension permite la inyección de código. Este problema afecta a MainWP Code Snippets Extension: desde n/a hasta 4.0.2. The MainWP Code Snippets Extension for WordPress is vulnerable to code injection in versions up to, and including, 4.0.2. This makes it possible for attackers with subscriber-level privileges or higher to execute arbitrary code via the plugin. • https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

The MainWP Code Snippets Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.2 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings. • CWE-862: Missing Authorization •