Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High3
Medium1
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2024-12-13

CVE-2024-10783 - Mainwp Child Plugin

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected…

PLUGIN Mainwp Child

CVE-2024-10783

HIGH CVSS 8.1 2024-12-13
Open Full Technical Breakdown
Threat Entry Updated 2025-03-01

CVE-2024-7492 - Mainwp Child Plugin

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.

PLUGIN Mainwp Child

CVE-2024-7492

HIGH CVSS 8.8 2024-08-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-3132 - Mainwp Child Plugin

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.

PLUGIN Mainwp Child

CVE-2023-3132

MEDIUM CVSS 5.9 2023-06-27
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24877 - Mainwp Child Plugin

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

PLUGIN Mainwp Child

CVE-2021-24877

HIGH CVSS 7.2 2021-11-23
Open Full Technical Breakdown
Scroll to top