Vulnerabilities and security researches formainwp-child-reports mainwp-child-reports

Aug 09, 2024

CVE, Research URL: CVE-2024-7492
Home page URL: Security reports for MainWP Child Reports
Application: MainWP Child Reports
Date: Aug 08, 2024
Research Description: The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-33680
Home page URL: Security reports for MainWP Child Reports
Application: MainWP Child Reports
Date: Apr 26, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24754
Home page URL: Security reports for MainWP Child Reports
Application: MainWP Child Reports
Date: Oct 18, 2021
Research Description: The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue
Affected versions: Min -, max -.
Status: vulnerable