cleantalk
Vulnerabilities and Security Researches

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance, CVE-2016-15041

CVE, Research URL

CVE-2016-15041

Home page URL

Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Application

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Published on
Oct 16, 2024
Research Description
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
SEOPress for MainWP (CVE-2025-48298) , Jul 28, 2025
WP Compress for MainWP (CVE-2025-31076) , Apr 03, 2025
WP Compress for MainWP (CVE-2025-30932) , Jun 15, 2025
Activity Log For MainWP (CVE-2022-4974) , Oct 20, 2024
Activity Log For MainWP (cd04ac978144bbd0ce4f971c5fd6c62076f6a2e8) , Jun 07, 2024
New vulnerability
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025