Input validation vulnerability in 21 MainWP Extensions

Several WordPress extensions created by MainWP have a Cross-Site Request Forgery (CSRF) vulnerability. Unauthenticated attackers can use forged requests to access functions that are only meant to be used by higher-privileged users such as administrators. This can be done by tricking a site administrator into clicking on a malicious link. The vulnerability exists because nonce validation in the extensions is missing or incorrect.

Detected in:

MainWP Article Uploader Extension (status: fixed), vulnerable versions: >= * <= 4.0.2
MainWP Boilerplate Extension (status: fixed), vulnerable versions: >= * <= 4.1
MainWP Buddy Extension (status: fixed), vulnerable versions: >= * <= 4.0.1
MainWP Clone Extension (status: fixed), vulnerable versions: >= * <= 4.0.2
MainWP Code Snippets Extension (status: fixed), vulnerable versions: >= * <= 4.0.2
MainWP Comments Extension (status: fixed), vulnerable versions: >= * <= 4.0.6
MainWP Favorites Extension (status: fixed), vulnerable versions: >= * <= 4.0.10
MainWP File Uploader Extension (status: fixed), vulnerable versions: >= * <= 4.1
MainWP Google Analytics Extension (status: fixed), vulnerable versions: >= * <= 4.0.4
MainWP iThemes Security Extension (status: fixed), vulnerable versions: >= * <= 4.1.1
MainWP Maintenance Extension (status: fixed), vulnerable versions: >= * <= 4.1.1
MainWP Page Speed Extension (status: fixed), vulnerable versions: >= * <= 4.0.2
MainWP Post Dripper Extension (status: fixed), vulnerable versions: >= * <= 4.0.4
MainWP Post Plus Extension (status: fixed), vulnerable versions: >= * <= 4.0.3
MainWP Rocket Extension (status: fixed), vulnerable versions: >= * <= 4.0.3
MainWP Staging Extension (status: fixed), vulnerable versions: >= * <= 4.0.3
MainWP UpdraftPlus Extension (status: fixed), vulnerable versions: >= * <= 4.0.6
MainWP Wordfence Extension (status: fixed), vulnerable versions: >= * <= 4.0.7
MainWP WordPress SEO Extension (status: fixed), vulnerable versions: >= * <= 4.0.1
MainWP BlogVault Backup Extension (status: open), vulnerable versions: >= * <= 1.3
MainWP Broken Link Checker (status: open), vulnerable versions: >= * <= 4.0

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions have a vulnerability. For example, ">= 2.2.8 <= 2.2.21" means:

">" means from 2.2.8
"=" means including 2.2.8 and 2.2.21
"<" means to 2.2.21
