Vulnerabilities and security researches formainwp mainwp

Jun 07, 2024

CVE, Research URL: 372658093cc13a5abafdbea2057f2df4321dd413
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Apr 29, 2016
Research Description: MainWP Dashboard: WordPress Management without the SaaS [mainwp] < 3.1.3 (closed) WordPress MainWP Plugin <= 3.1.2 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Update this plugin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-38519
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Dec 20, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6164
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Nov 22, 2023
Research Description: The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1642
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Mar 13, 2024
Research Description: The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2016-15041
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Oct 16, 2024
Research Description: The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: -
Home page URL: Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Application: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
Date: Mar 28, 2025
Research Description: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected versions: Min -, max -.
Status: vulnerable