PT-2023-32551 · WordPress · Mainwp Dashboard

Hüseyin Tintaş · Published 2023-11-22 · Updated 2023-12-01 · CVE-2023-6164

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerable Software and Affected Versions: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress, versions up to and including 4.5.1.2.

Description: The issue allows authenticated attackers with administrator-level access to inject arbitrary CSS values into the site tags, because the newColor parameter is insufficiently sanitized. This enables CSS injection.

Recommendations: For versions up to and including 4.5.1.2, avoid using the newColor parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.
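As an added illustration, not MainWP's own code: a hypothetical tag-colour rendering helper in the pattern this advisory describes (request value written straight into a style attribute), beside a hardened version that restricts newColor to a hex colour with WordPress's sanitize_hex_color() and escapes on output. The stand-in definitions, function names and sample inputs are assumptions so the file runs outside WordPress.

```php
<?php
// Added example, not MainWP's code. The helper names and sample inputs are constructed.

// Stand-in for WordPress core's sanitize_hex_color() so this runs outside WordPress.
// Mirrors core behaviour: accepts '', '#rgb' or '#rrggbb'; returns null for anything else.
if ( ! function_exists( 'sanitize_hex_color' ) ) {
    function sanitize_hex_color( $color ) {
        if ( '' === $color ) {
            return '';
        }
        if ( preg_match( '|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) ) {
            return $color;
        }
        return null;
    }
}

// Stand-in for esc_attr() outside WordPress: HTML attribute escaping.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Vulnerable pattern: the newColor request value is concatenated into the style attribute
// unvalidated, so any CSS the caller supplies ends up in the tag markup.
function vulnerable_tag_style( $new_color ) {
    return '<span class="tag" style="background-color: ' . $new_color . '">Tag</span>';
}

// Hardened pattern: validate against a strict hex-colour allow-list, fall back to a
// default on anything else, and still escape when writing into the attribute.
function hardened_tag_style( $new_color, $default = '#cccccc' ) {
    $color = sanitize_hex_color( (string) $new_color );
    if ( null === $color || '' === $color ) {
        $color = $default;
    }
    return '<span class="tag" style="background-color: ' . esc_attr( $color ) . '">Tag</span>';
}

// Constructed sample inputs: a valid colour and a value that is not a hex colour.
// The hardened helper replaces the second one with the default instead of emitting it.
$samples = array( '#1e73be', 'not-a-color' );
foreach ( $samples as $value ) {
    echo "input: {$value}\n";
    echo "  vulnerable: " . vulnerable_tag_style( $value ) . "\n";
    echo "  hardened:   " . hardened_tag_style( $value ) . "\n";
}
```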

Fix

Weakness Enumeration
- Special Elements Injection
- XSS

Related Identifiers
- CVE-2023-6164

Affected Products
- Mainwp Dashboard