Description
WordPress Plugin MainWP Child is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently login as an administrator only by knowing the target user's handle (password bypass). WordPress Plugin MainWP Child version 2.0.9.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.9.2 or latest
References
Related Vulnerabilities
WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0)
Plone arbitrary code execution
WordPress Plugin Ultimate Member-User Profile & Membership Open Redirect (2.0.33)
Apache Tomcat directory host Appbase authentication bypass vulnerability
WordPress Plugin Product Catalog X Cross-Site Request Forgery (1.5.12)