MainWP — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting MainWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4299 | MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API | MainWP Child Reports | CWE-862 | 5.3 | Medium | 2026-04-08 |
| CVE-2024-10783 | MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation | MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | CWE-862 | 8.1 | High | 2024-12-13 |
| CVE-2016-15041 | MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting | MainWP Dashboard: Self-hosted WordPress Management for Agencies | CWE-79 | 7.2 | High | 2024-10-16 |
| CVE-2024-7492 | MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update | MainWP Child Reports | CWE-352 | 8.8 | High | 2024-08-08 |
| CVE-2023-23640 | WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability | MainWP UpdraftPlus Extension | CWE-862 | 5.4 | Medium | 2024-06-09 |
| CVE-2023-23639 | WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability | MainWP Staging Extension | CWE-862 | 5.4 | Medium | 2024-06-09 |
| CVE-2023-23645 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability | MainWP Code Snippets Extension | CWE-94 | 9.9 | Critical | 2024-05-17 |
| CVE-2024-33680 | WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability | MainWP Child Reports | CWE-352 | 5.4 | Medium | 2024-04-26 |
| CVE-2023-23649 | WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability | MainWP Links Manager Extension | CWE-502 | 8.1 | High | 2024-03-28 |
| CVE-2023-23656 | WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability | MainWP File Uploader Extension | CWE-434 | 10.0 | Critical | 2024-03-26 |
| CVE-2023-22699 | WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability | MainWP Wordfence Extension | CWE-862 | 5.4 | Medium | 2024-03-25 |
| CVE-2024-1642 | MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk | MainWP Dashboard: Self-hosted WordPress Management for Agencies | CWE-352 | 4.3 | Medium | 2024-03-13 |
| CVE-2023-38519 | WordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL Injection | MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance | CWE-89 | 7.6 | High | 2023-12-20 |
| CVE-2023-6164 | MainWP Dashboard <= 4.5.1.2 - Authenticated(Administrator+) CSS Injection | MainWP Dashboard: Self-hosted WordPress Management for Agencies | CWE-74 | 2.2 | Low | 2023-11-22 |
| CVE-2023-23737 | WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection | MainWP Broken Links Checker Extension | CWE-89 | 9.3 | Critical | 2023-10-12 |
| CVE-2023-23651 | WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 - SQL Injection vulnerability | MainWP Google Analytics Extension | CWE-89 | 8.5 | High | 2023-10-12 |
| CVE-2023-23660 | WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection | MainWP Maintenance Extension | CWE-89 | 8.5 | High | 2023-07-18 |
| CVE-2023-3132 | MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files | MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | CWE-200 | 5.9 | Medium | 2023-06-27 |
| CVE-2023-23650 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) | MainWP Code Snippets Extension | CWE-79 | 6.5 | Medium | 2023-03-23 |
| CVE-2023-23659 | WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | MainWP Matomo Extension | CWE-352 | 4.3 | Medium | 2023-02-23 |

This page lists every published CVE security advisory associated with MainWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.