Lucene search
K

318 matches found

OSV
OSV
added 2021/10/18 2:15 p.m.2 views

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

7.2CVSS5.8AI score0.01327EPSS
Exploits2References1
NVD
NVD
added 2021/10/18 2:15 p.m.10 views

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

7.2CVSS0.01327EPSS
Exploits2References1
Prion
Prion
added 2021/10/18 2:15 p.m.18 views

Sql injection

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

6.5CVSS7.3AI score0.01327EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/10/18 1:46 p.m.46 views

CVE-2021-24754

CVE-2021-24754 affects the WordPress MainWP Child Reports plugin prior to version 2.0.8. The vulnerability arises from lack of validation/sanitization of the order parameter in the admin dashboard SQL statement, enabling SQL injection. Public sources (Red Hat, CVE listings, and vulnerability trac...

7.2CVSS7.2AI score0.01327EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/10/18 1:46 p.m.15 views

CVE-2021-24754 MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

7.5AI score0.01327EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.4 views

WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress MainWP Child Reports plugin has a SQL injection vulnerability in versions prior to 2.0.8, which stems...

7.2CVSS6.1AI score0.01327EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.23 views

WordPress MainWP Child Reports plugin <= 2.0.7 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress MainWP Child Reports plugin versions = 2.0.7. Solution Update the WordPress MainWP Child Reports plugin to the latest available version at least 2.0.8...

7.2CVSS2.3AI score0.01327EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.744 views

MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue https://example.com/wp-admin/options-general.php?page=mainwp-reports-page&order=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes f...

7.2CVSS0.8AI score0.01327EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.19 views

MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue PoC https://example.com/wp-admin/options-general.php?page=mainwp-reports-page=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes for...

7.2CVSS7.3AI score0.01327EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2018/03/02 12:0 a.m.9 views

WordPress MainWP Child plugin <=3.4.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability found by Slavco in WordPress MainWP Child plugin versions =3.4.4. Solution Update the WordPress MainWP Child plugin to the latest available version at least 3.4.5...

3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/28 12:0 a.m.11 views

MainWP Child <= 3.4.4 - Authentication Bypass

Not authorized attacker could gain full control of target application if he knows the administrative user name. In case of openssl installed on the server then one request is enough and in case of md5 verification 100k requests will do the job...

3.4AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2016/04/29 12:0 a.m.8 views

WordPress MainWP Plugin <= 3.1.2 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/29 12:0 a.m.10 views

MainWP <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

The MainWP Dashboard – The WordPress Manager for Professional Website Maintenance WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability...

1.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/08 12:0 a.m.13 views

MainWP <= 2.0.22 - Unspecified

Email sent from vendor to users: "Today we released updates to both the MainWP Dashboard 2.0.23 and MainWP Child 2.0.23 that contain additional security hardening for a possible issue found by Francois Harvey and reported through out White Hat Reward Program. We encourage everyone to update both...

0.1AI score
Exploits0References1Affected Software2
Patchstack
Patchstack
added 2015/08/08 12:0 a.m.6 views

WordPress MainWP Plugin <= 2.0.22 - Unspecified

There is an unknown issue in this plugin. Solution Upgrade this plugin...

3.2AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/03/16 12:0 a.m.36 views

Wordpress MainWP Child Plugin 2.0.9.1 /class/MainWPChild.class.php 登录绕过漏洞

/class/MainWPChild.class.php $this-postswheresuffix = ''; $this-commentsandclauses = ''; addaction'templateredirect', array$this, 'templateredirect'; addaction'init', array&$this, 'parseinit'; addaction'adminmenu', array&$this, 'adminmenu'; addaction'admininit', array&$this, 'admininit';...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2015/03/09 12:0 a.m.10 views

WordPress MainWP Child Plugin <= 2.0.9.1 - Authentication Bypass

Because of this vulnerability, anyone can log in as an administrator just by knowing the target user’s handle password bypass. Solution Update this plugin...

1.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/09 12:0 a.m.7 views

MainWP Child <= 2.0.9.1 - Authentication Bypass

The MainWP Child – Securely connects sites to the MainWP WordPress Manager Dashboard WordPress plugin was affected by an Authentication Bypass security vulnerability...

2.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder