Date: Wed, 7 Mar 2018 01:17:46 +0100
From: Slavco Mihajloski <slavco.mihajloski@...il.com>
To: oss-security@...ts.openwall.com
Subject: Authentication bypass mainwp-child < 3.4.5

https://wordpress.org/plugins/mainwp-child/ is a remote administration plugin
for WordPress with 300k+ active installations.

There is an authentication bypass in mainwp-child < 3.4.5 and, due to the nature
of WordPress itself, it is an RCE too.


Disclosure:
https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633

Patch:
https://github.com/mainwp/mainwp-child/commit/1b03e47300d1ee30776a63f4d526e45e1baef4e3#diff-b7c78d39c028166665d187e06e5058a7
