CVE-2023-3132

2023-06-2703:15:09

[email protected]

web.nvd.nist.gov

mainwp child

wordpress

vulnerability

sensitive information exposure

backup files

unauthenticated attackers

data extraction

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.

Affected configurations

Vulners

NVD

Node

mainwpmainwp_childRange≤4.4.1.1

VendorProductVersionCPE
mainwpmainwp_child*cpe:2.3:a:mainwp:mainwp_child:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mainwp	mainwp_child	*	cpe:2.3:a:mainwp:mainwp_child::::::::

CNA Affected

[
  {
    "vendor": "mainwp",
    "product": "MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.4.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]