CVE-2024-10783
- EPSS 23.19%
- Veröffentlicht 13.12.2024 10:15:06
- Zuletzt bearbeitet 13.12.2024 10:15:06
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including,...
CVE-2024-7492
- EPSS 0.47%
- Veröffentlicht 08.08.2024 03:15:35
- Zuletzt bearbeitet 01.03.2025 01:20:09
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible...
CVE-2023-3132
- EPSS 0.42%
- Veröffentlicht 27.06.2023 03:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:31
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extr...
CVE-2021-24877
- EPSS 0.57%
- Veröffentlicht 23.11.2021 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:56
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Tim...