Unauthenticated Access Control Flaw in MainWP Child by MainWP
CVE-2026-27366

7.5HIGH

Key Information:

Vendor: WordPress
Status: MainWP Child
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-27366?

The MainWP Child plugin, up to version 6.1.1, contains a flaw that allows attackers to exploit unauthenticated access control vulnerabilities. This weakness enables unauthorized users to gain access to restricted areas of the application, potentially leading to sensitive data exposure or modification without proper authentication. It's essential for users of this plugin to promptly address this security issue to protect their WordPress sites.

Affected Version(s)

MainWP Child <= 6.1.1

References

https://patchstack.com/database/wordpress/plugin/mainwp-c...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

mcdruid | Patchstack Bug Bounty Program

CVE-2026-27366 Data

JSON