Does MainWP Child Reports have any unpatched vulnerabilities?

No. All known vulnerabilities in MainWP Child Reports have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MainWP Child Reports compatible with WordPress 6.9.4?

According to WordPress.org data, MainWP Child Reports 2.2.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MainWP Child Reports compatible with PHP 7.4+?

MainWP Child Reports requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MainWP Child Reports updated?

MainWP Child Reports was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is MainWP Child Reports's security score?

MainWP Child Reports has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MainWP Child Reports Security & Risk Analysis

wordpress.org/plugins/mainwp-child-reports

The MainWP Child Report plugin tracks changes to Child sites for the Pro Reports Extension.

100K active installs v2.2.6 PHP 7.4+ WP 6.0+ Updated Dec 3, 2025

child-reportsmainwpmainwp-childmainwp-child-reportsmainwp-pro-reports-extension

A · Safe

CVEs total3

Unpatched0

Last CVEAug 7, 2024

Plugin page Download

Safety Verdict

Is MainWP Child Reports Safe to Use in 2026?

Generally Safe

Score 96/100

MainWP Child Reports has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Aug 7, 2024Updated 4mo ago

Risk Assessment

The mainwp-child-reports plugin v2.2.6 demonstrates a generally strong security posture with excellent output escaping and a high percentage of prepared SQL statements. The absence of critical or high-severity taint flows and the presence of numerous nonce and capability checks are positive indicators. However, the plugin has a history of significant vulnerabilities, including two high-severity SQL injection flaws and a medium-severity CSRF issue. While there are no currently unpatched CVEs, this history suggests a recurring pattern of insecure coding practices that have led to past exploits. The presence of one AJAX handler without authentication checks represents a direct, exploitable entry point that significantly undermines the overall security, especially given the plugin's past SQL injection issues.

Key Concerns

AJAX handler without auth check
History of 2 High Severity CVEs
History of 1 Medium Severity CVE

Vulnerabilities

MainWP Child Reports Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2024-7492high · 8.8Cross-Site Request Forgery (CSRF)

MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update

Aug 7, 2024 Patched in 2.2.1 (1d)

CVE-2024-33680medium · 4.3Cross-Site Request Forgery (CSRF)

MainWP Child Reports <= 2.1.1 - Cross-Site Request Forgery

Apr 26, 2024 Patched in 2.2 (6d)

CVE-2021-24754high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection

Sep 20, 2021 Patched in 2.0.8 (855d)

Code Analysis

Analyzed Mar 16, 2026

MainWP Child Reports Code Analysis

Dangerous Functions

Raw SQL Queries

42 prepared

Unescaped Output

302 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

79% prepared53 total queries

Output Escaping

96% escaped313 total outputs

Attack Surface

1 unprotected

MainWP Child Reports Attack Surface

Entry Points7

Unprotected1

AJAX Handlers 7

authwp_ajax_wp_mainwp_stream_resetclasses\class-admin.php:115

authwp_ajax_wp_mainwp_stream_filtersclasses\class-admin.php:138

authwp_ajax_wp_mainwp_stream_uninstallclasses\class-db-driver-wpdb.php:188

authwp_ajax_mainwp_stream_enable_live_updateclasses\class-live-update.php:47

authwp_ajax_mainwp_stream_get_usersclasses\class-settings.php:89

authwp_ajax_mainwp_stream_get_ipsclasses\class-settings.php:92

authwp_ajax_mainwp_stream_get_actionsclasses\class-settings.php:93

WordPress Hooks 70

actioninitclasses\class-admin.php:74

actionadmin_noticesclasses\class-admin.php:98

actionshutdownclasses\class-admin.php:99

filteradmin_body_classclasses\class-admin.php:102

actionadmin_enqueue_scriptsclasses\class-admin.php:105

actionadmin_enqueue_scriptsclasses\class-admin.php:112

actionwp_loadedclasses\class-admin.php:128

actionwp_mainwp_stream_auto_purgeclasses\class-admin.php:129

actionshutdownclasses\class-admin.php:196

actionshutdownclasses\class-connector.php:254

actionadmin_initclasses\class-export.php:35

actionwp_mainwp_stream_record_actions_menuclasses\class-export.php:36

filtermainwp_stream_records_per_pageclasses\class-export.php:65

filterwp_mainwp_stream_list_table_columnsclasses\class-export.php:66

actioninitclasses\class-install.php:50

actionwp_mainwp_stream_before_db_noticesclasses\class-install.php:53

actionwp_mainwp_child_reposts_recreate_tables_if_not_existclasses\class-install.php:54

actionall_admin_noticesclasses\class-install.php:121

filterscreen_settingsclasses\class-list-table.php:57

filterset-screen-optionclasses\class-list-table.php:61

filterheartbeat_receivedclasses\class-live-update.php:44

actionadmin_menuclasses\class-mainwp-child-report-helper.php:47

filtermainwp_wp_stream_settings_form_actionclasses\class-mainwp-child-report-helper.php:48

filterupdraftplus_save_last_backupclasses\class-mainwp-child-report-helper.php:49

actionmainwp_child_reports_logclasses\class-mainwp-child-report-helper.php:51

filterall_pluginsclasses\class-mainwp-child-report-helper.php:52

filterplugin_row_metaclasses\class-mainwp-child-report-helper.php:53

filterwp_mainwp_stream_settings_option_fieldsclasses\class-mainwp-child-report-helper.php:54

filtermainwp_child_init_subpagesclasses\class-mainwp-child-report-helper.php:83

filterwp_mainwp_stream_query_argsclasses\class-network.php:38

actioninitclasses\class-network.php:47

actionnetwork_admin_noticesclasses\class-network.php:49

actionwpmuadmineditclasses\class-network.php:50

filterwp_mainwp_stream_blog_id_loggedclasses\class-network.php:54

filterwp_mainwp_stream_admin_page_titleclasses\class-network.php:55

filterwp_mainwp_stream_list_table_screen_idclasses\class-network.php:56

filterwp_mainwp_stream_list_table_filtersclasses\class-network.php:57

filterwp_mainwp_stream_list_table_columnsclasses\class-network.php:58

filterwp_mainwp_stream_settings_form_actionclasses\class-network.php:59

filterwp_mainwp_stream_settings_form_descriptionclasses\class-network.php:60

filterwp_mainwp_stream_serialized_labelsclasses\class-network.php:61

filterwp_mainwp_stream_connectorsclasses\class-network.php:62

actionplugins_loadedclasses\class-plugin.php:99

actioninitclasses\class-plugin.php:105

actionplugins_loadedclasses\class-plugin.php:108

actionmainwp_child_reports_add_logclasses\class-plugin.php:124

actionadmin_initclasses\class-settings.php:66

filterwp_mainwp_stream_serialized_labelsclasses\class-settings.php:80

filteruser_search_columnsclasses\class-settings.php:127

filterwp_mainwp_stream_log_dataconnectors\class-connector-acf.php:122

actionshutdownconnectors\class-connector-acf.php:258

filterwp_mainwp_stream_log_dataconnectors\class-connector-bbpress.php:166

filterwp_mainwp_stream_log_dataconnectors\class-connector-edd.php:220

actionload-theme-editor.phpconnectors\class-connector-editor.php:50

actionload-plugin-editor.phpconnectors\class-connector-editor.php:51

filterwp_redirectconnectors\class-connector-editor.php:52

filterupgrader_pre_installconnectors\class-connector-installer.php:119

filterwp_mainwp_stream_log_dataconnectors\class-connector-jetpack.php:182

actionregistered_post_typeconnectors\class-connector-posts.php:75

actionadmin_headconnectors\class-connector-settings.php:215

actionadmin_enqueue_scriptsconnectors\class-connector-settings.php:216

actionupdated_optionconnectors\class-connector-settings.php:630

actionregistered_taxonomyconnectors\class-connector-taxonomies.php:89

filterwp_mainwp_stream_log_dataconnectors\class-connector-user-switching.php:83

actioncustomize_save_afterconnectors\class-connector-widgets.php:144

filterwp_mainwp_stream_posts_exclude_post_typesconnectors\class-connector-woocommerce.php:72

actionwp_mainwp_stream_comments_exclude_comment_typesconnectors\class-connector-woocommerce.php:73

actionadmin_enqueue_scriptsconnectors\class-connector-wordpress-seo.php:198

filterwp_mainwp_stream_log_dataconnectors\class-connector-wordpress-seo.php:199

actionshutdownmainwp-child-reports.php:30

Scheduled Events 1

wp_mainwp_stream_auto_purge

Maintenance & Trust

MainWP Child Reports Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version7.4

Downloads1.5M

Community Trust

Rating86/100

Number of ratings6

Active installs100K

Alternatives

MainWP Child Reports Alternatives

MainWP Key Maker

mainwp-key-maker

100

The MainWP Key Maker plugin copies settings for the MainWP Bulk Settings Manager Extension.

5K No CVEs

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place

post-smtp-for-mainwp

100

Manage WP SMTP configuration from a single dashboard for all your sites. View email logs, get instant email failure alerts, and set up a backup SMTP c …

300 No CVEs

Update Brief for MainWP

update-brief-mainwp

100

Turn plain plugin update lists into compelling client reports that prove your maintenance value — powered by concise, professionally written update su …

0 No CVEs

WPvivid Backup for MainWP

wpvivid-backup-mainwp

Set up and control WPvivid Backup Free and Pro for all child sites directly from your MainWP Dashboard.

10K 2 CVEs

SEOPress for MainWP

seopress-for-mainwp

SEOPress for MainWP extension, is an-addon for MainWP and SEOPress plugins. Edit your SEOPress global settings directly from MainWP dashboard site.

900 1 CVE

Developer Profile

MainWP Child Reports Developer Profile

mainwp

4 plugins · 825K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1278 days

View full developer profile

Detection Fingerprints

How We Detect MainWP Child Reports

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mainwp-child-reports/css/mainwp-child-reports-admin.css/wp-content/plugins/mainwp-child-reports/js/mainwp-child-reports-admin.js

Script Paths

/wp-content/plugins/mainwp-child-reports/js/mainwp-child-reports-admin.js

Version Parameters

mainwp-child-reports/css/mainwp-child-reports-admin.css?ver=mainwp-child-reports/js/mainwp-child-reports-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp_mainwp_stream_screen

Data Attributes

data-page-slugdata-nonce

JS Globals

wp_mainwp_stream_filters_nonce

REST Endpoints

/wp-json/wp_mainwp_stream/v1/filters

FAQ