cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7492,https://securityvulnerability.io/vulnerability/CVE-2024-7492,Cross-Site Request Forgery Vulnerability in MainWP Child Reports Plugin,"The MainWP Child Reports plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that affects all versions up to and including 2.2. This issue stems from inadequate nonce validation within the network_options_action() function. As a result, unauthenticated attackers can exploit this flaw to modify arbitrary options on multisite instances of WordPress. By tricking a site administrator into performing a specific action, such as clicking a malicious link, attackers can leverage this vulnerability to escalate their privileges, posing a significant threat to the integrity of affected WordPress installations.",Wordpress,MainWP Child Reports,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2024-08-08T02:32:08.923Z,0
CVE-2021-24754,https://securityvulnerability.io/vulnerability/CVE-2021-24754,MainWP Child Reports < 2.0.8 - Admin+ SQL Injection,"The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue",Wordpress,MainWP Child Reports,7.2,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-10-18T13:46:12.000Z,0