Date: Wed, 7 Mar 2018 01:17:46 +0100 From: Slavco Mihajloski <slavco.mihajloski@...il.com> To: oss-security@...ts.openwall.com Subject: Authentication bypass mainwp-child < 3.4.5 https://wordpress.org/plugins/mainwp-child/ remote administration plugin for Wordpress with 300k+ active installations. There is authentication bypass on mainwp-child < 3.4.5 and due the nature of the Wordpress itself, it is a RCE too. Disclosure: https://medium.com/websec/authentication-bypass-rce-on-300k-live-websites-using-mainwp-child-3-4-5-30a69097f633 Patch: https://github.com/mainwp/mainwp-child/commit/1b03e47300d1ee30776a63f4d526e45e1baef4e3#diff-b7c78d39c028166665d187e06e5058a7
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.