303 matches found
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
EUVD-2026-20044
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299
CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (
CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
WordPress plugin MainWP Child Reports 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress MainWP Child Reports plugin <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API vulnerability
Missing Authorization to Authenticated Subscriber+ Information Disclosure via Heartbeat API vulnerability discovered by Hunter Jensen skid in WordPress Plugin MainWP Child Reports versions = 2.2.6...
MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwpsetuppurchaseusername' parameter, letting unauthenticated attacke...
Exploit for Cross-site Scripting in Mainwp Mainwp_Dashboard
CVE-2016-15041 Testing Environment & Walkthrough Table of...
Exploit for Cross-site Scripting in Mainwp Mainwp_Dashboard
CVE-2016-15041 Lab - MainWP Dashboard Stored XSS Vulnerable l...
CVE-2025-64639
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.17...
EUVD-2025-203590
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.07...
CVE-2025-64639
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.17...
CVE-2025-64639 WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.17...
CVE-2025-64639 WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.17...
CVE-2025-64639
CVE-2025-64639 is a Missing Authorization vulnerability in the WordPress plugin WP Compress for MainWP. Affected: WP Compress for MainWP versions through 6.50.07. Root cause: incorrectly configured access control security levels enabling unauthorized access. CVSSv3.1 base score 5.3 (Network, Low ...
PT-2025-51408
Name of the Vulnerable Software and Affected Versions WP Compress for MainWP versions through 6.50.07 Description An authorization issue exists in WP Compress for MainWP, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access...
WordPress plugin WP Compress for MainWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...
WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Compress for MainWP versions = 6.50.17...