Base Score

MEDIUM4.9

CVE-2023-38519

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

VectorNETWORK

Published Byaudit@patchstack.com

Published DateDec 20, 2023, 14:15

Affected Versions(1)

mainwp/mainwp(Packagist)

Introduced0

Fixed4.4.3.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mainwp/mainwp(Packagist)	0	4.4.3.4	N/A

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

4.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://patchstack.com/database/vulnerability/mainwp/wordpress-mainwp-plugin-4-4-3-3-sql-injection-vulnerability?_s_id=cve

Base Score

MEDIUM4.9

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

4.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE