WordPress users, action required on MainWP Child WordPress plugin vulnerability

Website owners using the popular MainWP Child WordPress plugin need to upgrade the plugin immediately to avoid a serious security vulnerability on their sites.

Posted on 12 March 2015 - Security
By Tibus


What is the MainWP Child WordPress plugin?

MainWP Child WordPress plugin is a popular plugin used predominantly by administrators operating a number of WordPress sites. It allows users to control various WordPress installations across different hosting environments and locations.

Its main selling point, although it is a free download, is the ability to update all WordPress installs, plugins and themes for multiple sites from a single dashboard.

WordPress believes the plugin has more than 90,000 active installations at present.

What's the problem?

MainWP Child WordPress plugin is subject to a serious privilege escalation vulnerability. The vulnerability allows an attacker to log into the website without needing to enter a password. In other words, the security mechanism stopping someone from editing, deleting or attacking websites using the plugin is not working.

What should you do?

You need to immediately upgrade MainWP Child WordPress to the latest version, which is version 2.0.9.2. That updated version was released last Friday and fixes the security issue outlined above.
 
You can use WPScan to check whether your website is affected by this and other security vulnerabilities.
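
If you have shell access to the servers hosting your sites, the version check above can also be done directly on disk. The script below is an added example, not code from Tibus or MainWP: it assumes the plugin is installed at wp-content/plugins/mainwp-child/mainwp-child.php, and the function names are hypothetical. It flags every install older than 2.0.9.2.

```shell
#!/bin/sh
# Added example: flag MainWP Child installs older than the fixed release.
FIXED_VERSION="2.0.9.2"   # fixed version named in the advisory

# version_lt A B: succeed when dotted version A is older than B.
# Missing components count as 0, so 2.0.9 is older than 2.0.9.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# plugin_version FILE: print the "Version:" value from a plugin header.
plugin_version() {
    sed -n 's|^[[:space:]*/#@]*Version:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' "$1" |
        head -n 1
}

# scan_installs DIR...: print one status line per MainWP Child install found.
# Assumed install path: wp-content/plugins/mainwp-child/mainwp-child.php
scan_installs() {
    find "$@" -type f \
        -path '*/wp-content/plugins/mainwp-child/mainwp-child.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(plugin_version "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN - $f"
        elif version_lt "$v" "$FIXED_VERSION"; then
            echo "VULNERABLE $v $f"
        else
            echo "OK $v $f"
        fi
    done
}

# Usage: sh check-mainwp-child.sh /var/www   (script name and path are examples)
if [ "$#" -gt 0 ]; then
    scan_installs "$@"
fi
```

Any line starting with VULNERABLE or UNKNOWN marks a site to upgrade or inspect by hand.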
 
Please also consider sharing this post. WordPress believes that only around one in every nine sites currently using the plugin have upgraded to the secure version, so there are a lot of vulnerable websites out there at the moment.
