Website owners using the popular MainWP Child WordPress plugin need to upgrade the plugin immediately to avoid a serious security vulnerability on their sites.Posted on 12 March 2015 - Security
MainWP Child WordPress plugin is a popular plugin used predominantly by administrators operating a number of WordPress sites. It allows users to to control various WordPress installations across different hosting environments and locations.
Its main selling point, although it is a free download, is the ability to update all WordPress installs, plugins and themes for multiple sites from a single dashboard.
WordPress believes the plugin has more than 90,000 active installations at present.
MainWP Child WordPress plugin is subject to a serious privilege escalation vulnerability. The vulnerability allows an attacker to log into the website without needing to enter a password. In other words, the security mechanism stopping someone from editing, deleting or attacking websites using the plugin is not working.
- See more at: http://old.tibcom-win.virtual.tibus.net/Blog/Articles/March-2015/Wordpress-users,-action-required-on-MainWP-Child-W#sthash.tTg7YXFe.dpuf