Lucene search
K

318 matches found

NVD
NVD
added 2024/12/13 10:15 a.m.13 views

CVE-2024-10783

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS0.02369EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/12/13 9:27 a.m.18 views

CVE-2024-10783 MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS8.1AI score0.02369EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/12/13 9:27 a.m.24 views

CVE-2024-10783 MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...

8.1CVSS0.02369EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.7 views

WordPress plugin MainWP Child 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

8.1CVSS8.6AI score0.02369EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/12/12 10:37 p.m.6 views

WordPress MainWP Child plugin <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Sean Murphy in WordPress Plugin MainWP Child versions = 5.2...

8.1CVSS7AI score0.02369EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/16 7:15 a.m.4 views

CVE-2016-15041

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...

6.1CVSS5.9AI score0.01228EPSS
Exploits3References4
NVD
NVD
added 2024/10/16 7:15 a.m.12 views

CVE-2016-15041

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...

7.2CVSS0.01228EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.13 views

CVE-2016-15041 MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...

7.2CVSS6.1AI score0.01228EPSS
Exploits3References4
CVE
CVE
added 2024/10/16 6:43 a.m.53 views

CVE-2016-15041

Summary: CVE-2016-15041 affects the MainWP Dashboard plugin for WordPress, versions up to and including 3.1.2. It is a stored XSS due to insufficient input sanitization and output escaping in the mwp_setup_purchase_username parameter, exploitable by unauthenticated attackers. Impact (as documente...

7.2CVSS6.3AI score0.01228EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.24 views

CVE-2016-15041 MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...

7.2CVSS0.01228EPSS
Exploits3References4
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.10 views

WordPress plugin MainWP Dashboard 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

7.2CVSS6AI score0.01228EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.14 views

PT-2024-10574

Name of the Vulnerable Software and Affected Versions MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to, and including, 3.1.2 Description The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input...

7.2CVSS6.2AI score0.01228EPSS
Exploits3References9
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-15041

The MainWP Dashboard -The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mwpsetuppurchaseusername' parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output...

7.2CVSS5.8AI score0.01228EPSS
Exploits3References1
OSV
OSV
added 2024/08/08 3:15 a.m.2 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

8.8CVSS5.7AI score0.00289EPSS
Exploits0References3
NVD
NVD
added 2024/08/08 3:15 a.m.29 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

8.8CVSS0.00289EPSS
Exploits0References3
CVE
CVE
added 2024/08/08 2:32 a.m.64 views

CVE-2024-7492

CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...

8.8CVSS8.6AI score0.00289EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/08 2:26 a.m.4 views

WordPress MainWP Child Reports plugin <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin MainWP Child Reports versions = 2.2...

8.8CVSS7AI score0.00289EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/08 12:0 a.m.10 views

WordPress MainWP Child Reports Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.2 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7492 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 52f6716cf94e Credits vgo0 Required...

8.8CVSS6.7AI score0.00289EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/08/08 12:0 a.m.5 views

WordPress plugin MainWP Child Reports 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.3AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.9 views

PT-2024-38382 · WordPress · Mainwp Child Reports

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...

8.8CVSS7.2AI score0.00289EPSS
Exploits0References8
Rows per page
Query Builder