WordPress Plugins
A privilege escalation vulnerability has been discovered in the WordPress plugin “MainWP Child”.
MainWP Child is a plugin that works in conjunction with the WordPress management plugin, MainWP, to allow remote administration of WordPress-based websites.
If left unpatched, the flaw in MainWP Child may allow an attacker to log in to a site without a password, as long as they know an account’s username.
If you are using MainWP, the patched version of “MainWP Child” is 2.0.9.2 and should be downloaded from WordPress.org and applied to your sites immediately.
Thanks to Sucuri Labs for discovering the issue and to Dennis of MainWP for pushing out a patch so quickly.
Important Note: Although some websites managed by ESC! Technologies Group were using the MainWP Child plugin on a trial basis, we discontinued our use of MainWP Child and MainWP in mid-January 2015. As a result, NO ESC! Technologies Group clients who subscribe to one of our WordPress Maintenance plans have been affected by the MainWP Child vulnerability.
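To confirm which sites still need the 2.0.9.2 update, the following script reports the installed MainWP Child version for each WordPress root passed to it. It is an added example, not code from MainWP or Sucuri. It assumes the plugin sits at the default location `wp-content/plugins/mainwp-child/mainwp-child.php`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag WordPress installs whose MainWP Child plugin is older
# than the patched release named in the advisory (2.0.9.2).
PATCHED="2.0.9.2"

# Succeeds when dotted version $1 is strictly lower than $2.
# Components are compared numerically; missing components count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Print the "Version:" value from a plugin's main PHP file header.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Classify one WordPress root; prints "<state> <dir> [version]".
check_site() {
    # Assumed default install path for the plugin.
    f="$1/wp-content/plugins/mainwp-child/mainwp-child.php"
    [ -f "$f" ] || { echo "absent $1"; return 0; }
    v=$(plugin_version "$f")
    [ -n "$v" ] || { echo "unknown $1"; return 0; }
    if version_lt "$v" "$PATCHED"; then
        echo "VULNERABLE $1 $v"
    else
        echo "patched $1 $v"
    fi
}

# Usage: sh check-mainwp-child.sh /path/to/site1 /path/to/site2 ...
for site in "$@"; do
    check_site "$site"
done
```

A site reported as `unknown` has the plugin file but no readable version header and should be checked by hand.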