CVE-2023-23649 - Vulnerability Details

- WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability

Description

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

Published: 2024-03-28

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MainWP

MainWP Links Manager Extension

unaffected

Version	Status	Constraints
`n/a`	affected	≤ 2.1

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-27736	Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00735.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve

History

Thu, 30 Apr 2026 04:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mainwp Mainwp mainwp Links Manager Extension
CPEs		cpe:2.3:a:mainwp:mainwp_links_manager_extension::::::::
Vendors & Products		Mainwp Mainwp mainwp Links Manager Extension
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.	Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

Subscriptions

Mainwp Mainwp Links Manager Extension

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-03-28T06:12:22.156Z

Updated: 2026-04-28T16:07:59.769Z

Reserved: 2023-01-17T05:01:31.003Z

Link: CVE-2023-23649

Vulnrichment

Updated: 2024-08-02T10:35:33.743Z

NVD

Status : Deferred

Published: 2024-03-28T07:15:49.083

Modified: 2026-04-28T19:19:22.593

Link: CVE-2023-23649

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-502

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object