Description

WordPress Plugin MainWP Child is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently login as an administrator only by knowing the target user's handle (password bypass). WordPress Plugin MainWP Child version 2.0.9.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.9.2 or latest

References

https://blog.sucuri.net/2015/03/security-advisory-mainwp-child-wordpress-plugin.html

Related Vulnerabilities

WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0)

Plone arbitrary code execution

WordPress Plugin Ultimate Member-User Profile & Membership Open Redirect (2.0.33)

Apache Tomcat directory host Appbase authentication bypass vulnerability

WordPress Plugin Product Catalog X Cross-Site Request Forgery (1.5.12)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Authentication Bypass