Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 7 Mar 2018 01:17:46 +0100
From: Slavco Mihajloski <slavco.mihajloski@...il.com>
To: oss-security@...ts.openwall.com
Subject: Authentication bypass mainwp-child < 3.4.5

https://wordpress.org/plugins/mainwp-child/ remote administration plugin
for Wordpress with 300k+ active installations.

There is authentication bypass on mainwp-child < 3.4.5 and due the nature
of the Wordpress itself, it is a RCE too.


Disclosure:
https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633

Patch:
https://github.com/mainwp/mainwp-child/commit/1b03e47300d1ee30776a63f4d526e45e1baef4e3#diff-b7c78d39c028166665d187e06e5058a7

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.