CVE-2023-38519: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

December 20, 2023 (updated December 28, 2023)

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

References

github.com/advisories/GHSA-87fg-9x5w-j3rm
github.com/mainwp/mainwp/commit/8df951c0e8b2c2646cc57fc66b00767551cac400
nvd.nist.gov/vuln/detail/CVE-2023-38519
patchstack.com/database/vulnerability/mainwp/wordpress-mainwp-plugin-4-4-3-3-sql-injection-vulnerability?_s_id=cve

Code Behaviors & Features

Detect and mitigate CVE-2023-38519 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →