5 matches found
WordPress Plugin MainWP Child - Authentication Bypass
The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is no...
CVE-2024-10783
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...
CVE-2024-10783
creationtimestamp| type| source ---|---|--- 2024-12-13 09:30:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113644811939302804 2024-12-13 12:25:40+00:00| seen| https://t.me/cvedetector/12854 2025-03-24 14:32:29+00:00| confirmed|...
CVE-2024-10783
CVE-2024-10783 – MainWP Child (WordPress) Root cause: missing authorization checks in register_site in all versions up to 5.2 when a site is unconfigured, enabling an unauthenticated user to login as an administrator on instances not yet connected to the MainWP Dashboard and without the unique se...
CVE-2024-10783 MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...