Vulnerabilities in mainwp

20 results

CVE-2024-10783HIGHMainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege EscalationEPSS 2.3%CVE-2016-15041HIGHMainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site ScriptingEPSS 1.2%CVE-2023-23645CRITICALWordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution VulnerabilityEPSS 1.0%CVE-2023-23656CRITICALWordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload VulnerabilityEPSS 0.8%CVE-2023-23660HIGHWordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL InjectionEPSS 0.8%CVE-2023-23649HIGHWordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection VulnerabilityEPSS 0.8%CVE-2023-3132MEDIUMMainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up FilesEPSS 0.7%CVE-2023-23737CRITICALWordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL InjectionEPSS 0.6%CVE-2023-23651HIGHWordPress MainWP Google Analytics Extension Plugin <= 4.0.4 - SQL Injection vulnerabilityEPSS 0.6%CVE-2023-38519HIGHWordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL InjectionEPSS 0.6%CVE-2026-4299MEDIUMMainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat APIEPSS 0.5%CVE-2023-6164LOWMainWP Dashboard <= 4.5.1.2 - Authenticated(Administrator+) CSS InjectionEPSS 0.4%CVE-2023-23650MEDIUMWordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-22699MEDIUMWordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2024-1642MEDIUMMainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulkEPSS 0.3%CVE-2023-23640MEDIUMWordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2023-23639MEDIUMWordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2024-7492HIGHMainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options UpdateEPSS 0.3%CVE-2023-23659MEDIUMWordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-33680MEDIUMWordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%