Security Advisory: MainWP-Child WordPress Plugin

During a routine audit, we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to worpdress.org, it is installed on more than 90,000 WordPress sites as as remote administration tool.
This vulnerability allows anyone to login as an administrator only by knowing the target user’s handle, which is a password bypass. It is very simple to exploit and because security tools like WPScan already automate the process of grabbing a list of usernames from WordPress sites, it’s a big issue.
Clients using our Website Firewall are already protected against this issue.
Contact us for further information about this low cost security protection for your website. For  less than the price of a cup of coffee per working day, can you afford to be without Website Firewall?
 

Leave a comment: