WordPress Plugin Vulnerabilities

MainWP Child <= 3.4.4 - Authentication Bypass

Description

Not authorized attacker could gain full control of target application if he knows the administrative user name. In case of openssl installed on the server then one request is enough and in case of md5 verification ~100k requests will do the job.

Affects Plugins

Plugin icon
mainwp-child
Fixed in 3.4.5

References

URL
https://plugins.trac.wordpress.org/changeset/1826377/mainwp-child
URL
https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633
URL
https://github.com/mainwp/mainwp-child/commit/1b03e47300d1ee30776a63f4d526e45e1baef4e3#diff-b7c78d39c028166665d187e06e5058a7

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter
Slavco
Submitter website
https://medium.com/websec
Submitter twitter
mslavco
Verified
No
WPVDB ID
e7124958-4769-46df-9ddd-e645066d9151

Timeline

Publicly Published
2018-02-28 (about 8 years ago)
Added
2018-03-02 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2015-02-19
Title
Duplicator 0.5.8 - Privilege Escalation
Published
2026-03-12
Title
RegistrationMagic < 6.0.7.2 - Authentication Bypass
Published
2014-08-01
Title
MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass
Published
2024-07-19
Title
WooCommerce - Social Login < 2.7.4 - Unauthenticated Privilege Escalation via One-Time Password
Published
2015-04-15
Title
Profile Builder < 2.1.4 - Missing Access Controls