CVE Catalog
CVE-2026-27366
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.22%
13th percentile — higher than 13% of all known CVEs
Summary
The MainWP Child plugin versions up to 6.1.1 contain a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on the site without requiring authentication.
Risk Assessment
The organization is at risk of having its WordPress site taken over by an unauthenticated attacker, potentially leading to data theft, defacement, or further malware distribution.
Recommendation
Immediately update the MainWP Child plugin to version 6.1.2 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.
Original NVD description (English source)
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

