EUVD-2023-43817

Malicious code in bioql PyPI...

CVE-2023-3132

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire...

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

PT-2023-23291 · WordPress · Mainwp Child

Name of the Vulnerable Software and Affected Versions: MainWP Child plugin for WordPress versions up to, and including, 4.4.1.1 Description: The issue allows unauthenticated attackers to extract sensitive data, including the entire installation's database, due to insufficient controls on the...

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

Wordpress MainWP Child Plugin 2.0.9.1 /class/MainWPChild.class.php 登录绕过漏洞

/class/MainWPChild.class.php $this-postswheresuffix = ''; $this-commentsandclauses = ''; addaction'templateredirect', array$this, 'templateredirect'; addaction'init', array&$this, 'parseinit'; addaction'adminmenu', array&$this, 'adminmenu'; addaction'admininit', array&$this, 'admininit';...