CVE-2024-7492

2024-08-0803:15:35

CWE-352

[email protected]

web.nvd.nist.gov

mainwp child reports plugin

wordpress

cross-site request forgery

missing nonce validation

unauthenticated attackers

arbitrary options

privilege escalation

multisite instances

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.5%

JSON

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.

References

plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-network.php#L346

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3131718%40mainwp-child-reports&new=3131718%40mainwp-child-reports&sfp_email=&sfph_mail=#file4

www.wordfence.com/threat-intel/vulnerabilities/id/cdd7971c-6f1c-437a-832c-e2b2817a197e?source=cve