CVE Catalog

CVE-2026-27366

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

The MainWP Child plugin versions up to 6.1.1 contain a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on the site without requiring authentication.

Risk Assessment

The organization is at risk of having its WordPress site taken over by an unauthenticated attacker, potentially leading to data theft, defacement, or further malware distribution.

Recommendation

Immediately update the MainWP Child plugin to version 6.1.2 or later. If an update is not possible, temporarily disable the plugin until a patch is applied.

Original NVD description (English source)

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS