cleantalk
Vulnerabilities and Security Researches

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance, 9b248cecab4abd7f6880563d1e52efa6690ccf7e

CVE, Research URL

9b248cecab4abd7f6880563d1e52efa6690ccf7e

Home page URL

Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Application

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Published on
Apr 29, 2016
Research Description
MainWP Dashboard: Self-hosted WordPress Management for Agencies [mainwp] < 3.1.3 MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026