3 matches found
CVE-2024-7492
CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...
CVE-2023-3132
The CVE-2023-3132 issue affects the WordPress plugin MainWP Child . Vulnerable in versions up to and including 4.4.1.1 due to insufficient controls on the storage of backup files, enabling unauthenticated attackers to extract sensitive data such as the entire installation database when a backup e...
CVE-2021-24877
CVE-2021-24877 affects the WordPress MainWP Child plugin prior to version 4.1.8. The issue is an SQL injection caused by lack of validation of the orderby and order parameters before their use in a SQL statement, exploitable by high-privilege users (e.g., admin) when the Backup and Staging by WP ...