WordPress Plugin Vulnerabilities

MainWP Maintenance Extension < 4.1.2 - Subscriber+ SQL Injection (SQLi)

Description

The plugin does not properly sanitize user-supplied input, leading to an SQL Injection vulnerability.

Affects Plugins

Plugin icon
mainwp-maintenance-extension
Fixed in 4.1.2

References

CVE
CVE-2023-23660
URL
https://patchstack.com/database/vulnerability/mainwp-maintenance-extension/wordpress-mainwp-maintenance-extension-plugin-4-1-1-subscriber-sql-injection-vulnerability

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.5 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
3873d5ce-d29c-46b4-975c-499f65bbf185

Timeline

Publicly Published
2023-01-17 (about 3 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2025-06-03
Title
Multi CryptoCurrency Payments <= 2.0.3 - Unauthenticated SQL Injection
Published
2026-03-04
Title
Apocalypse Meow < 23.0.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter
Published
2021-09-08
Title
SP Rental Manager <= 1.5.3 - Unauthenticated SQL Injection
Published
2021-10-20
Title
Download Monitor < 4.4.5 - Admin+ SQL Injection
Published
2025-05-06
Title
PGS Core < 5.9.0 - Unauthenticated SQL Injection