WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Security Bypass (3.4.4)

Description

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain full control of target application if the administrative user name is known. WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard version 3.4.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.4.5 or latest

References

https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633

https://plugins.svn.wordpress.org/mainwp-child/trunk/readme.txt

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1501)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)

WordPress Plugin WP Fusion Lite-Marketing Automation for WordPress Multiple Vulnerabilities (3.37.18)

MySQL CVE-2016-8283 Vulnerability (CVE-2016-8283)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass