CVE-2025-64639 WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.50.17...

CVE-2025-64639

CVE-2025-64639 is a Missing Authorization vulnerability in the WordPress plugin WP Compress for MainWP. Affected: WP Compress for MainWP versions through 6.50.07. Root cause: incorrectly configured access control security levels enabling unauthorized access. CVSSv3.1 base score 5.3 (Network, Low ...

EUVD-2023-27823

Malicious code in bioql PyPI...

EUVD-2023-27747

Malicious code in bioql PyPI...

CVE-2025-30932

Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through = 6.30.32...

MainWP: Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin

A stored cross-site scripting XSS vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" Contact Name field, where user input was not properly sanitized before rendering it back into the DOM. As a result, an attacker could inject malicious...

CVE-2023-23650

Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...

WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin WP Compress for MainWP versions = 6.30.03...

CVE-2025-31076 WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery. This issue affects WP Compress for MainWP: from n/a through 6.30.03...

CVE-2025-31076

CVE-2025-31076: WordPress WP Compress for MainWP contains an SSRF vulnerability (Authenticated, Subscriber+). Affected version range: up to 6.30.03. Attack vector and specific endpoint details are not provided in the documents, but the issue is classified as Server-Side Request Forgery with a CVS...

WordPress WPvivid Backup for MainWP plugin <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Khayal Farzaliyev shaman0x01 in WordPress Plugin WPvivid Backup for MainWP versions = 0.9.33...

CVE-2023-38519 WordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...

WordPress Activity Log For MainWP plugin <= 1.7.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Activity Log For MainWP plugin versions = 1.7.0. Solution Update the WordPress Activity Log For MainWP plugin to the latest available version at least 1.7.1...

WordPress MainWP Plugin <= 3.1.2 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...