Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mainwp Security Vulnerabilities

cve
cve

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

7.2CVSS

7.2AI Score

0.001EPSS

2021-10-18 02:15 PM
24
cve
cve

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

7.2CVSS

7.1AI Score

0.001EPSS

2021-11-23 08:15 PM
21
cve
cve

CVE-2023-22699

Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.

5.4CVSS

6.9AI Score

0.0004EPSS

2024-03-25 12:15 PM
29
cve
cve

CVE-2023-23639

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-09 10:15 AM
27
cve
cve

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-09 10:15 AM
30
cve
cve

CVE-2023-23645

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.

9.9CVSS

6.9AI Score

0.0004EPSS

2024-05-17 07:15 AM
42
cve
cve

CVE-2023-23649

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

8.1CVSS

6.8AI Score

0.0004EPSS

2024-03-28 07:15 AM
32
cve
cve

CVE-2023-23650

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.

6.5CVSS

5.3AI Score

0.001EPSS

2023-03-23 02:15 PM
21
cve
cve

CVE-2023-23651

Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions.

8.8CVSS

9AI Score

0.001EPSS

2023-10-12 12:15 PM
29
cve
cve

CVE-2023-23656

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.

10CVSS

6.9AI Score

0.0004EPSS

2024-03-26 08:15 PM
34
cve
cve

CVE-2023-23659

Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.

8.8CVSS

8.8AI Score

0.001EPSS

2023-02-23 03:15 PM
43
cve
cve

CVE-2023-23660

Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.

8.8CVSS

9AI Score

0.001EPSS

2023-07-18 01:15 PM
26
cve
cve

CVE-2023-23737

Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.

9.8CVSS

9.8AI Score

0.001EPSS

2023-10-12 12:15 PM
26
cve
cve

CVE-2023-3132

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installat...

7.5CVSS

7.4AI Score

0.003EPSS

2023-06-27 03:15 AM
32
cve
cve

CVE-2023-38519

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

7.6CVSS

5.7AI Score

0.0005EPSS

2023-12-20 02:15 PM
69
cve
cve

CVE-2023-6164

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with ...

4.8CVSS

5.1AI Score

0.0004EPSS

2023-11-22 04:15 PM
42
cve
cve

CVE-2024-1642

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for ...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-03-13 04:15 PM
53
cve
cve

CVE-2024-33680

Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.

5.4CVSS

6.8AI Score

0.0004EPSS

2024-04-26 11:15 AM
34
cve
cve

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrar...

8.8CVSS

8.6AI Score

0.001EPSS

2024-08-08 03:15 AM
24