Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.7 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:31 a.m.5 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 5:16 a.m.8 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.3 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 3:36 a.m.20 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

WordPress plugin MainWP Child Reports 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11666

Malware in sbrugna...

7.2CVSS7AI score0.01327EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.6 views

CVE-2024-33680

Cross-Site Request Forgery CSRF vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1...

5.4CVSS5.1AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.4 views

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue...

7.2CVSS7.9AI score0.01327EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:47 a.m.7 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

8.8CVSS6.8AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 3:15 a.m.29 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

8.8CVSS0.00289EPSS
Exploits0References3
CVE
CVE
added 2024/08/08 2:32 a.m.64 views

CVE-2024-7492

CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...

8.8CVSS8.6AI score0.00289EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/08 12:0 a.m.10 views

WordPress MainWP Child Reports Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.2 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7492 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 52f6716cf94e Credits vgo0 Required...

8.8CVSS6.7AI score0.00289EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.9 views

PT-2024-38382 · WordPress · Mainwp Child Reports

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...

8.8CVSS7.2AI score0.00289EPSS
Exploits0References8
OSV
OSV
added 2024/04/26 11:15 a.m.4 views

CVE-2024-33680

Cross-Site Request Forgery CSRF vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1...

5.4CVSS5.8AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/26 10:37 a.m.15 views

CVE-2024-33680 WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1...

5.4CVSS7AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/26 10:37 a.m.18 views

CVE-2024-33680 WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1...

5.4CVSS5.7AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/26 7:52 a.m.7 views

WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin MainWP Child Reports versions = 2.1.1...

5.4CVSS7AI score0.00198EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.4 views

WordPress plugin MainWP Child Reports 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

5.4CVSS6.4AI score0.00198EPSS
Exploits0References2
CNVD
CNVD
added 2021/10/24 12:0 a.m.16 views

WordPress MainWP Child Reports plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress MainWP Child Reports plugin has a SQL injection vulnerability in versions prior to 2.0.8, which stems...

7.2CVSS2.9AI score0.01327EPSS
Exploits2References1
Rows per page
Query Builder