Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-3132
Good to know:
Date: June 26, 2023
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.
Language: PHP
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version mainwp/mainwp-child - dev-dependabot/composer/wp-cli/wp-cli-2.6.0;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.5.26;mainwp/mainwp-child - v4.1-beta1;mainwp/mainwp-child - dev-dependabot/composer/composer/installers-2.0.0;mainwp/mainwp-child - dev-dependabot/composer/wp-cli/wp-cli-2.7.1;mainwp/mainwp-child - v4.1.3;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.4.4;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.5.8;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.5.22;mainwp/mainwp-child - dev-thang;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.5.11;mainwp/mainwp-child - dev-dependabot/composer/phpunit/phpunit-9.5.20
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |