CVE-2023-23650

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated subscribers in WordPress to inject malicious scripts into the MainWP Code Snippets Extension plugin. When executed, these scripts can perform actions as the victim user, potentially leading to account takeover or site compromise. All WordPress sites using MainWP Code Snippets Extension version 4.0.2 or earlier are affected.

💻 Affected Systems

Products:
  • WordPress MainWP Code Snippets Extension
Versions: <= 4.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with MainWP Code Snippets Extension installed and at least one subscriber user account.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with subscriber access could inject malicious JavaScript that executes in administrators' browsers, leading to full site compromise, data theft, or malware distribution to visitors.

🟠 Likely Case

Subscriber-level attackers inject scripts that steal session cookies or perform unauthorized actions when administrators view the affected plugin pages.

🟢 If Mitigated

With proper user role management and content security policies, impact is limited to the specific plugin functionality accessible to subscribers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires subscriber-level authentication. XSS payloads are well-documented and easy to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-stored-cross-site-scripting-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins > Installed Plugins.
3. Find MainWP Code Snippets Extension.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.0.3+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Remove subscriber access

all

Temporarily remove all subscriber user roles or restrict their access to plugin functionality

Implement Content Security Policy

all

Add CSP headers to prevent script execution from untrusted sources.

Add to .htaccess (requires mod_headers):
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"

Or add to wp-config.php:
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

Note that script-src 'self' without 'unsafe-inline' also blocks the inline scripts the WordPress admin and many themes depend on, so test this policy on a staging site before deploying it.

🧯 If You Can't Patch

  • Disable the MainWP Code Snippets Extension plugin entirely
  • Implement strict user role management and audit all subscriber accounts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for MainWP Code Snippets Extension version number

Check Version:

wp plugin list --name="MainWP Code Snippets Extension" --field=version

Verify Fix Applied:

Confirm plugin version is 4.0.3 or higher in WordPress admin panel
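The version check above as an added example (not from the advisory or the MainWP project): a POSIX shell script that reads the installed plugin version via WP-CLI and exits non-zero when it is below the fixed version 4.0.3, so it can run from cron or CI. The plugin slug mainwp-code-snippets-extension passed to wp plugin list is an assumption; confirm the real directory name with wp plugin list on your site.

```shell
#!/bin/sh
# Added example, not code from the advisory or from MainWP.
# Compares an installed plugin version against the fixed version from the advisory.
FIXED_VERSION="4.0.3"

# Returns 0 (true) when $1 is an affected version (strictly lower than 4.0.3),
# 1 otherwise. sort -V gives dotted-version ordering (4.0.3 < 4.0.10).
is_vulnerable_version() {
    v="$1"
    [ -z "$v" ] && return 1
    # If the lowest of {v, fixed} is v and they differ, v is older than the fix.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ] && [ "$v" != "$FIXED_VERSION" ]
}

# Reads the installed version via WP-CLI. The slug below is an assumption;
# the --name filter matches the plugin directory name, not the display name.
installed_version() {
    wp plugin list --name="${1:-mainwp-code-snippets-extension}" --field=version 2>/dev/null
}

# Exit codes: 0 patched, 1 vulnerable, 2 plugin not found / WP-CLI unavailable.
check_site() {
    v=$(installed_version "$1")
    if [ -z "$v" ]; then
        echo "plugin not found (or WP-CLI unavailable)"
        return 2
    fi
    if is_vulnerable_version "$v"; then
        echo "VULNERABLE: version $v < $FIXED_VERSION (CVE-2023-23650)"
        return 1
    fi
    echo "OK: version $v (>= $FIXED_VERSION)"
    return 0
}

# Usage: sh check_mainwp_snippets.sh <plugin-slug>
# Only runs the live check when a slug argument is supplied.
if [ "$#" -gt 0 ]; then
    check_site "$1"
fi
```

Run it with the plugin slug as the only argument; the version comparison is kept in its own function so the same logic can be reused for the other "<= 4.0.2"-style version ranges that appear in plugin advisories.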

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin admin-ajax endpoints
  • JavaScript payloads in plugin-related database entries

Network Indicators:

  • Unexpected JavaScript loading from plugin pages
  • Outbound connections from plugin pages to suspicious domains

SIEM Query:

source="wordpress.log" AND ("mainwp-code-snippets" OR "code-snippets-extension") AND (POST OR admin-ajax)

🔗 References
