Lucene search
K

318 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-15283

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-15283

The CVE pertains to the WPvivid Backup for MainWP WordPress plugin. A stored XSS flaw exists in admin settings across all versions up to 0.9.33 due to insufficient input sanitization and output escaping. This affects multi-site installations and sites where unfiltered_html is disabled, allowing a...

4.4CVSS6AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15283

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57327

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.32 views

CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.15 views

CVE-2026-57327

The connected documents identify CVE-2026-57327 as a vulnerability in the WordPress MainWP plugin up to version 6.1.1 describing a Subscriber/Broken Access Control issue. The underlying root cause is described as broken access control, but the documents do not provide concrete technical details s...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40098

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 p.m.8 views

CVE-2026-27366

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39362

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.30 views

CVE-2026-27366 WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.16 views

CVE-2026-27366

CVE-2026-27366 concerns WordPress WordPress MainWP Child plugin versions

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52386

Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/23 9:6 a.m.7 views

WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mcdruid in WordPress Plugin MainWP Child versions = 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.7 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:31 a.m.5 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 5:16 a.m.8 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 3:36 a.m.9 views

CVE-2026-4299

CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (

5.3CVSS5.8AI score0.00545EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.3 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 3:36 a.m.20 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
Rows per page
Query Builder