Lucene search
K

314 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.5 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

7.2CVSS7.8AI score0.01238EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/03/30 10:21 a.m.17 views

CVE-2025-31076

Server-Side Request Forgery SSRF vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Server Side Request Forgery.This issue affects WP Compress for MainWP: from n/a through = 6.30.03...

4.9CVSS7.2AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:26 a.m.11 views

CVE-2025-28253

Cross-Site Scripting XSS vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $POST'sites', $POST'clients', and $POST'search' is passed into the MainWPUser::rendertable function. Despite using sanitizetextfield and...

6.2AI score
Exploits0References3
Patchstack
Patchstack
added 2025/03/28 10:38 a.m.4 views

WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin WP Compress for MainWP versions = 6.30.03...

4.9CVSS7AI score0.00172EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/28 10:15 a.m.11 views

CVE-2025-31076

Server-Side Request Forgery SSRF vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Server Side Request Forgery.This issue affects WP Compress for MainWP: from n/a through = 6.30.03...

4.9CVSS0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 9:39 a.m.20 views

CVE-2025-31076 WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Server Side Request Forgery.This issue affects WP Compress for MainWP: from n/a through = 6.30.03...

4.9CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 9:39 a.m.6 views

CVE-2025-31076 WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery. This issue affects WP Compress for MainWP: from n/a through 6.30.03...

4.9CVSS7.2AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 9:39 a.m.49 views

CVE-2025-31076

CVE-2025-31076: WordPress WP Compress for MainWP contains an SSRF vulnerability (Authenticated, Subscriber+). Affected version range: up to 6.30.03. Attack vector and specific endpoint details are not provided in the documents, but the issue is classified as Server-Side Request Forgery with a CVS...

4.9CVSS7.2AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.4 views

WordPress plugin WP Compress for MainWP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

4.9CVSS8.7AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2025/03/27 11:15 p.m.18 views

CVE-2025-28253

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits0
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.7 views

CVE-2025-28253

...

6.3AI score
Exploits0
CVE
CVE
added 2025/03/27 12:0 a.m.61 views

CVE-2025-28253

This CVE entry is rejected and not used; it does not represent an active vulnerability.

5.7AI score
Exploits0
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.13 views

CVE-2025-28253

...

Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 3:10 a.m.13 views

CVE-2016-15041

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...

7.2CVSS6AI score0.01228EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:47 a.m.7 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

8.8CVSS6.8AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:11 a.m.8 views

CVE-2024-10783

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS7.2AI score0.02369EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 10:15 a.m.13 views

CVE-2024-10783

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS0.02369EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/12/13 9:27 a.m.18 views

CVE-2024-10783 MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS8.1AI score0.02369EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/12/13 9:27 a.m.24 views

CVE-2024-10783 MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS0.02369EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.7 views

WordPress plugin MainWP Child 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

8.1CVSS8.6AI score0.02369EPSS
Exploits0References6
Rows per page
Query Builder