cleantalk
Vulnerabilities and Security Researches

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance, CVE-2023-6164

CVE, Research URL

CVE-2023-6164

Home page URL

Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Application

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Published on
Nov 22, 2023
Research Description
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.
Affected versions
Min -, max 4.5.1.3.
Status
vulnerable
Previous vulnerability researches
SEOPress for MainWP (CVE-2025-48298) , Jul 28, 2025
WP Compress for MainWP (CVE-2025-31076) , Apr 03, 2025
WP Compress for MainWP (CVE-2025-30932) , Jun 15, 2025
Activity Log For MainWP (CVE-2022-4974) , Oct 20, 2024
Activity Log For MainWP (cd04ac978144bbd0ce4f971c5fd6c62076f6a2e8) , Jun 07, 2024
New vulnerability
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025