← Back to CVE List

CVE-2024-7492

Published: 2024-08-08T03:15Z
Last Modified: 2025-03-01T01:20Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt