318 matches found
CVE-2021-24754
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...
CVE-2021-24754
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...
Sql injection
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...
CVE-2021-24754
CVE-2021-24754 affects the WordPress MainWP Child Reports plugin prior to version 2.0.8. The vulnerability arises from lack of validation/sanitization of the order parameter in the admin dashboard SQL statement, enabling SQL injection. Public sources (Red Hat, CVE listings, and vulnerability trac...
CVE-2021-24754 MainWP Child Reports < 2.0.8 - Admin+ SQL Injection
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...
WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress MainWP Child Reports plugin has a SQL injection vulnerability in versions prior to 2.0.8, which stems...
WordPress MainWP Child Reports plugin <= 2.0.7 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress MainWP Child Reports plugin versions = 2.0.7. Solution Update the WordPress MainWP Child Reports plugin to the latest available version at least 2.0.8...
MainWP Child Reports < 2.0.8 - Admin+ SQL Injection
The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue https://example.com/wp-admin/options-general.php?page=mainwp-reports-page&order=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes f...
MainWP Child Reports < 2.0.8 - Admin+ SQL Injection
The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue PoC https://example.com/wp-admin/options-general.php?page=mainwp-reports-page=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes for...
WordPress MainWP Child plugin <=3.4.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability found by Slavco in WordPress MainWP Child plugin versions =3.4.4. Solution Update the WordPress MainWP Child plugin to the latest available version at least 3.4.5...
MainWP Child <= 3.4.4 - Authentication Bypass
Not authorized attacker could gain full control of target application if he knows the administrative user name. In case of openssl installed on the server then one request is enough and in case of md5 verification 100k requests will do the job...
WordPress MainWP Plugin <= 3.1.2 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...
MainWP <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
The MainWP Dashboard – The WordPress Manager for Professional Website Maintenance WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability...
MainWP <= 2.0.22 - Unspecified
Email sent from vendor to users: "Today we released updates to both the MainWP Dashboard 2.0.23 and MainWP Child 2.0.23 that contain additional security hardening for a possible issue found by Francois Harvey and reported through out White Hat Reward Program. We encourage everyone to update both...
WordPress MainWP Plugin <= 2.0.22 - Unspecified
There is an unknown issue in this plugin. Solution Upgrade this plugin...
Wordpress MainWP Child Plugin 2.0.9.1 /class/MainWPChild.class.php 登录绕过漏洞
/class/MainWPChild.class.php $this-postswheresuffix = ''; $this-commentsandclauses = ''; addaction'templateredirect', array$this, 'templateredirect'; addaction'init', array&$this, 'parseinit'; addaction'adminmenu', array&$this, 'adminmenu'; addaction'admininit', array&$this, 'admininit';...
WordPress MainWP Child Plugin <= 2.0.9.1 - Authentication Bypass
Because of this vulnerability, anyone can log in as an administrator just by knowing the target user’s handle password bypass. Solution Update this plugin...
MainWP Child <= 2.0.9.1 - Authentication Bypass
The MainWP Child – Securely connects sites to the MainWP WordPress Manager Dashboard WordPress plugin was affected by an Authentication Bypass security vulnerability...