WordPress Plugin Vulnerabilities

MainWP Child < 4.4.1.2 - Sensitive File Disclosure

Description

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.

Affects Plugins

Plugin icon
mainwp-child
Fixed in 4.4.1.2

References

CVE
CVE-2023-3132

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Robert Lockwood
Verified
No
WPVDB ID
fdfbe353-88a3-4f8a-a575-3cbfe9984565

Timeline

Publicly Published
2023-06-23 (about 2 years ago)
Added
2023-06-27 (about 2 years ago)
Last Updated
2023-06-27 (about 2 years ago)

Other

Published
Title
Published
2024-12-18
Title
Button Block – Get fully customizable & multi-functional buttons < 1.1.6 - Authenticated (Contributor+) Post Disclosure via Post Duplication
Published
2025-12-17
Title
Hummingbird < 3.18.1 - Unauthenticated Sensitive Information Exposure via Log File
Published
2025-10-16
Title
MasterStudy LMS < 3.6.21 - Authenticated (Instructor+) Sensitive Information Exposure
Published
2025-03-31
Title
Awesome Support – WordPress HelpDesk & Support Plugin < 6.3.2 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
Published
2024-07-19
Title
Addonify – Quick View For WooCommerce < 1.2.17 - Unauthenticated Full Path Dislcosure