CVE-2026-27366
- EPSS 0.22%
- Veröffentlicht 25.06.2026 13:12:29
- Zuletzt bearbeitet 25.06.2026 14:29:49
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.
CVE-2024-10783
- EPSS 2.3%
- Veröffentlicht 13.12.2024 10:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including,...
CVE-2024-7492
- EPSS 0.29%
- Veröffentlicht 08.08.2024 03:15:35
- Zuletzt bearbeitet 01.03.2025 01:20:09
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible...
CVE-2023-3132
- EPSS 0.66%
- Veröffentlicht 27.06.2023 03:15:09
- Zuletzt bearbeitet 08.04.2026 19:18:22
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extr...
CVE-2021-24877
- EPSS 1.24%
- Veröffentlicht 23.11.2021 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:56
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Tim...