Lucene search
WpvulndbWPVDB-ID:DF12BF58-54BD-409A-9FC6-929C327A7A2AHistoryNov 23, 2023 - 12:00 a.m.
MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection
2023-11-2300:00:00
wpscan.com
17
mainwp dashboard
wordpress manager
multiple websites
maintenance plugin
authenticated
css injection
administrator access
input sanitization
Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.
Related
cve
cve
CVE-2023-6164
2023-11-22 16:15:15
prion
prion
Input validation
2023-11-22 16:15:00
nvd
nvd
CVE-2023-6164
2023-11-22 16:15:15
cvelist
cvelist
CVE-2023-6164
2023-11-22 15:33:28
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:DF12BF58-54BD-409A-9FC6-929C327A7A2A