Browse all 20 CVE security advisories affecting MainWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MainWP is an open-source WordPress management plugin enabling centralized administration of multiple sites from a single dashboard. Its architecture, which relies on remote API communication between a master site and connected child sites, has historically introduced significant security risks. Security researchers have identified numerous vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws, often stemming from insufficient input validation and weak authentication mechanisms in the communication protocol. These defects can allow attackers to execute arbitrary code or manipulate site configurations remotely. While the project maintains an active development cycle to patch these issues, the complexity of its distributed system design continues to attract exploitation attempts. The presence of twenty recorded CVEs underscores the critical importance of rigorous code auditing and timely updates for administrators relying on this tool for bulk site management.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-23640 | WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability — MainWP UpdraftPlus Extension (CWE-862) | 5.4 | Medium | 2024-06-09 |

This page lists every published CVE security advisory associated with MainWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.