cleantalk
Vulnerabilities and Security Researches

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance, CVE-2024-1642

CVE, Research URL

CVE-2024-1642

Home page URL

Security reports for MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Application

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Published on
Mar 13, 2024
Research Description
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 5.0.
Status
vulnerable
Previous vulnerability researches
SEOPress for MainWP (CVE-2025-48298) , Jul 28, 2025
WP Compress for MainWP (CVE-2025-31076) , Apr 03, 2025
WP Compress for MainWP (CVE-2025-30932) , Jun 15, 2025
Activity Log For MainWP (CVE-2022-4974) , Oct 20, 2024
Activity Log For MainWP (cd04ac978144bbd0ce4f971c5fd6c62076f6a2e8) , Jun 07, 2024
New vulnerability
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025