CVE-2023-23660

Name of the Vulnerable Software and Affected Versions MainWP MainWP Maintenance Extension plugin versions prior to 4.1.1

Description The issue is related to an authenticated SQL Injection vulnerability. This allows attackers with subscriber or higher privileges to inject malicious SQL code. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is applied. Avoid using user-input data in SQL queries without proper sanitization until the issue is resolved.