Description
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| mainwp | MainWP Dashboard: Self-hosted WordPress Management for Agencies | unaffected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-58414 | The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags. |
References
History
Wed, 08 Apr 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | MainWP Dashboard <= 4.5.1.2 - Authenticated(Administrator+) CSS Injection | |
| Weaknesses | CWE-74 |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T17:00:57.400Z
Reserved: 2023-11-15T18:33:03.654Z
Link: CVE-2023-6164
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-22T16:15:15.970
Modified: 2026-04-08T18:18:35.137
Link: CVE-2023-6164
Redhat
No data.
OpenCVE Enrichment
No data.