cleantalk
Vulnerabilities and Security Researches

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance, 18b73427c6ab0cb40bbca65611517a8bcc3cbc53

CVE, Research URL

18b73427c6ab0cb40bbca65611517a8bcc3cbc53

Home page URL

Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Application

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Published on
Jun 21, 2022
Research Description
MainWP Dashboard: Self-hosted WordPress Management for Agencies [mainwp] < 4.2.5 MainWP Dashboard <= 4.2.4.1 - Cross-Site Request Forgery The MainWP Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.4.1. This is due to missing nonce validation on the render() and render_restore() function. This makes it possible for unauthenticated attackers to force site administrators to log into site's managed in the ManageWP portal via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.2.5.
Status
vulnerable
Previous vulnerability researches
Countdown, Coming Soon, Maintenance &#8211; Countdown &amp; Clock (73ec6727301fec392c5f3bd54fe7d92994cf0751) , Jun 16, 2026
Countdown, Coming Soon, Maintenance &#8211; Countdown &amp; Clock (CVE-2024-2017) , Jul 22, 2024
Countdown, Coming Soon, Maintenance &#8211; Countdown &amp; Clock (CVE-2025-30841) , Apr 04, 2025
Countdown, Coming Soon, Maintenance &#8211; Countdown &amp; Clock (CVE-2022-0601) , Jun 07, 2024
Countdown, Coming Soon, Maintenance &#8211; Countdown &amp; Clock (CVE-2022-29420) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026