cleantalk
Vulnerabilities and Security Researches

MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard, CVE-2023-3132

CVE, Research URL

CVE-2023-3132

Home page URL

Security reports for MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard

Application

MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard

Published on
Jun 27, 2023
Research Description
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.
Affected versions
max 4.4.1.2.
Status
vulnerable
Previous vulnerability researches
MainWP Child Reports (CVE-2024-33680) , Jun 06, 2024
MainWP Child Reports (CVE-2021-24754) , Jun 06, 2024
MainWP Child Reports (CVE-2024-7492) , Aug 09, 2024
MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard (CVE-2024-10783) , Dec 15, 2024
MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard (CVE-2021-24877) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025