WordPress Plugin Vulnerabilities

MainWP <= 2.0.22 - Unspecified

Description

Email sent from vendor to users:

"Today we released updates to both the MainWP Dashboard (2.0.23) and MainWP Child (2.0.23) that contain additional security hardening for a possible issue found by Francois Harvey and reported through out White Hat Reward Program.

We encourage everyone to update both their MainWP Dashboard and Child site as soon as possible then follow the security hardening procedure that will be listed at the top of your MainWP Dashboard. Once you have completed the update the warning will go away."

Affects Plugins

Plugin icon
mainwp-child
Fixed in 2.0.23
Plugin icon
mainwp
Fixed in 2.0.23

References

URL
https://plugins.trac.wordpress.org/changeset/1214999/mainwp

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
1da32fc3-b911-4a4f-aabf-517ae621e2c3

Timeline

Publicly Published
2015-08-08 (about 10 years ago)
Added
2015-08-08 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP Property < 1.38.4 - Non-administrative User XMLI Remote Information Disclosure
Published
2026-05-01
Title
My Social Feeds < 1.0.5 - Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action
Published
2023-06-02
Title
Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF
Published
2019-10-25
Title
WP HTML Mail < 2.9.1 - HTML Injection
Published
2020-02-05
Title
Events Manager Pro < 2.6.7.2 - CSV Injection