CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

WordPress plugin MainWP Child Reports 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2021-11666

Malware in sbrugna...

EUVD-2023-43817

Malicious code in bioql PyPI...

CVE-2024-33680

Cross-Site Request Forgery CSRF vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1...

CVE-2023-3132

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire...

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

CVE-2024-10783

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

CVE-2024-10783 MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

CVE-2024-10783 MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

WordPress plugin MainWP Child 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

CVE-2024-7492

CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...

PT-2024-38382 · WordPress · Mainwp Child Reports

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...