cleantalk
Vulnerabilities and Security Researches

MainWP Child Reports, CVE-2024-7492

CVE, Research URL

CVE-2024-7492

Home page URL

Security reports for MainWP Child Reports

Application

MainWP Child Reports

Published on
Aug 08, 2024
Research Description
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.
Affected versions
Min -, max 2.2.1.
Status
vulnerable
Previous vulnerability researches
MainWP Child Reports (CVE-2024-33680) , Jun 06, 2024
MainWP Child Reports (CVE-2021-24754) , Jun 06, 2024
MainWP Child Reports (CVE-2024-7492) , Aug 09, 2024
New vulnerability
License For Envato (CVE-2025-39399) , Apr 25, 2025
occupancyplan (CVE-2025-46450) , Apr 25, 2025
Wp Custom CMS Block (CVE-2025-46457) , Apr 25, 2025
Google News (CVE-2025-46452) , Apr 25, 2025
LSD Custom taxonomy and category meta (CVE-2025-46502) , Apr 25, 2025