Skip to main content

Mainwp

2 CVEs product

Monthly

CVE-2026-57327 MEDIUM This Month

Broken access control in MainWP WordPress plugin versions 6.1.1 and below allows authenticated subscribers to bypass authorization checks and perform actions restricted to higher-privileged roles. The CVSS vector (PR:L, AC:L, AV:N) confirms any low-privileged WordPress account - the subscriber role being the lowest default - is sufficient for network-based exploitation with no special complexity. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though the minimal barrier to obtaining a subscriber account on sites with open registration makes this a meaningful risk for multi-user or membership-based installations.

Authentication Bypass Mainwp
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-6164 LOW PATCH Monitor

The MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including,. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.

Code Injection WordPress Mainwp
NVD VulDB
CVSS 3.1
2.2
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM This Month

Broken access control in MainWP WordPress plugin versions 6.1.1 and below allows authenticated subscribers to bypass authorization checks and perform actions restricted to higher-privileged roles. The CVSS vector (PR:L, AC:L, AV:N) confirms any low-privileged WordPress account - the subscriber role being the lowest default - is sufficient for network-based exploitation with no special complexity. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though the minimal barrier to obtaining a subscriber account on sites with open registration makes this a meaningful risk for multi-user or membership-based installations.

Authentication Bypass Mainwp
NVD
EPSS 0% CVSS 2.2
LOW PATCH Monitor

The MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including,. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.

Code Injection WordPress Mainwp
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy