mainwp mainwp_child の CVE(3 件)

CVE 件数: 3 CPE versions: View versions table

概要

本ページは mainwp mainwp_child に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 13 / 3 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-7492 The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable [email protected] 8.8 0.29% 2024-08-07 2026-06-17
CVE-2023-3132 The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail. [email protected] 5.9 0.66% 2023-06-26 2026-06-17
CVE-2021-24877 The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed [email protected] 7.2 1.24% 2021-11-23 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence