CVE-2023-3132

MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files

CVSS 5.9 MEDIUMEPSS 0.7%CWE-200

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.9EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 jun 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

mainwp · MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2923512%40mainwp-child&new=2923512%40mainwp-child&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=cve