CVE-2023-3132
MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.
El plugin MainWP Child para WordPress es vulnerable a la exposición de información sensible hasta la versión 4.4.1.1 inclusive, debido a controles insuficientes en el almacenamiento de archivos de copia de seguridad. Esto hace posible que atacantes no autenticados extraigan información sensible, incluyendo la base de datos completa de las instalaciones, si se produce una copia de seguridad y falla la eliminación de los archivos de copia de seguridad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-06-06 CVE Reserved
- 2023-06-23 CVE Published
- 2024-07-29 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mainwp Search vendor "Mainwp" | Mainwp Child Search vendor "Mainwp" for product "Mainwp Child" | <= 4.4.1.1 Search vendor "Mainwp" for product "Mainwp Child" and version " <= 4.4.1.1" | wordpress |
Affected
| ||||||