Date: Wed, 7 Mar 2018 01:17:46 +0100
From: Slavco Mihajloski <slavco.mihajloski@...il.com>
To: oss-security@...ts.openwall.com
Subject: Authentication bypass mainwp-child < 3.4.5

https://wordpress.org/plugins/mainwp-child/ remote administration plugin for WordPress with 300k+ active installations.

There is an authentication bypass in mainwp-child < 3.4.5 and, due to the nature of WordPress itself, it is an RCE too.

Disclosure: https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633

Patch: https://github.com/mainwp/mainwp-child/commit/1b03e47300d1ee30776a63f4d526e45e1baef4e3#diff-b7c78d39c028166665d187e06e5058a7