
15 matches found

OSV
added 2026/04/16 10:29 p.m. · 0 views

GHSA-72C6-FX6Q-FR5W @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Impact: @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits 1 · References 5
EUVD
added 2026/04/16 10:29 p.m. · 0 views

EUVD-2026-23241

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits 1 · References 4
GitHub Security Blog
added 2026/04/16 10:29 p.m. · 2 views

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Impact: @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits 1 · References 5 · Affected Software 1
CVE
added 2026/04/16 1:44 p.m. · 10 views

CVE-2026-6270

Summary: The vulnerability affects the Node.js module @fastify/middie, specifically versions 9.3.1 and earlier. The root cause is that inherited middleware is not registered on child plugin engine instances, so when a Fastify app registers authentication middleware in a parent scope and then loa...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2026/04/16 1:44 p.m. · 1 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits 1 · References 3
Cvelist
added 2026/04/16 1:44 p.m. · 27 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVSS 9.1 · EPSS 0.00085
Exploits 1 · References 3
GitHub Security Blog
added 2026/04/16 1:3 a.m. · 3 views

@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes

Summary: @fastify/express v4.0.4 contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share ...

CVSS 9.1 · AI score 5.8 · EPSS 0.00037
Exploits 1 · References 4 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-43817

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8.1 · EPSS 0.00908
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 2:11 a.m. · 3 views

CVE-2023-3132

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire...

CVSS 7.5 · AI score 6.6 · EPSS 0.00908
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:24 p.m. · 1 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVSS 7.2 · AI score 7.8 · EPSS 0.00567
Exploits 2 · References 1
Patchstack
added 2024/12/12 10:37 p.m. · 2 views

WordPress MainWP Child plugin <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Sean Murphy in WordPress Plugin MainWP Child versions <= 5.2...

CVSS 8.1 · AI score 7 · EPSS 0.04401
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/06/27 12:0 a.m. · 1 views

PT-2023-23291 · WordPress · Mainwp Child

Name of the Vulnerable Software and Affected Versions: MainWP Child plugin for WordPress versions up to, and including, 4.4.1.1 Description: The issue allows unauthenticated attackers to extract sensitive data, including the entire installation's database, due to insufficient controls on the...

CVSS 7.5 · AI score 7.9 · EPSS 0.00908
Exploits 0 · References 4
OSV
added 2021/11/23 8:15 p.m. · 0 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1
seebug.org
added 2015/03/16 12:0 a.m. · 35 views

WordPress MainWP Child Plugin 2.0.9.1 /class/MainWPChild.class.php login bypass vulnerability

/class/MainWPChild.class.php $this->posts_where_suffix = ''; $this->comments_and_clauses = ''; add_action('template_redirect', array($this, 'template_redirect')); add_action('init', array(&$this, 'parse_init')); add_action('admin_menu', array(&$this, 'admin_menu')); add_action('admin_init', array(&$this, 'admin_init'));...

AI score 7.1
Exploits 0
Patchstack
added 2015/03/09 12:0 a.m. · 9 views

WordPress MainWP Child Plugin <= 2.0.9.1 - Authentication Bypass

Because of this vulnerability, anyone can log in as an administrator just by knowing the target user’s handle (password bypass). Solution: Update this plugin...

AI score 1.7
Exploits 0 · References 1 · Affected Software 1