WordPress Plugin Vulnerabilities
MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection
Description
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.
Affects Plugins
Fixed in 4.5.1.3 References
Classification
Type
INJECTION
OWASP top 10
CVSS
Miscellaneous
Original Researcher
Hüseyin TINTAŞ
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-10-20 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)
WPScan 