CVE-2026-27366 PUBLISHED

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Update the WordPress MainWP Child Plugin to the latest available version (at least 6.1.2).

• mcdruid | Patchstack Bug Bounty Program finder

• https://patchstack.com/database/wordpress/plugin/mainwp-child/vulnerability/wordpress-mainwp-child-plugin-6-1-1-broken-access-control-vulnerability?_s_id=cve

• CWE-862 Missing Authorization CWE

• CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels