318 matches found
CVE-2026-15283
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-15283
The CVE pertains to the WPvivid Backup for MainWP WordPress plugin. A stored XSS flaw exists in admin settings across all versions up to 0.9.33 due to insufficient input sanitization and output escaping. This affects multi-site installations and sites where unfiltered_html is disabled, allowing a...
CVE-2026-15283
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-57327
Subscriber Broken Access Control in MainWP = 6.1.1 versions...
CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP = 6.1.1 versions...
CVE-2026-57327
The connected documents identify CVE-2026-57327 as a vulnerability in the WordPress MainWP plugin up to version 6.1.1 describing a Subscriber/Broken Access Control issue. The underlying root cause is described as broken access control, but the documents do not provide concrete technical details s...
EUVD-2026-40098
Subscriber Broken Access Control in MainWP = 6.1.1 versions...
CVE-2026-27366
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
EUVD-2026-39362
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
CVE-2026-27366 WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
CVE-2026-27366
CVE-2026-27366 concerns WordPress WordPress MainWP Child plugin versions
PT-2026-52386
Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...
WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by mcdruid in WordPress Plugin MainWP Child versions = 6.1.1...
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
EUVD-2026-20044
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299
CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (
CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...