2 matches found
CVE-2024-7492
CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...
CVE-2021-24877
CVE-2021-24877 affects the WordPress MainWP Child plugin prior to version 4.1.8. The issue is an SQL injection caused by lack of validation of the orderby and order parameters before their use in a SQL statement, exploitable by high-privilege users (e.g., admin) when the Backup and Staging by WP ...