VYPR

Mainwp Child Reports

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-7492HigAug 8, 2024
    risk 0.57cvss 8.8epss 0.00

    The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated…

  • CVE-2021-24754HigOct 18, 2021
    risk 0.47cvss 7.2epss 0.01

    The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

  • CVE-2024-33680MedApr 26, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.

  • CVE-2026-4299MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.01

    The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeat_received() function in the Live_Update class. This makes it possible for authenticated…