Wordpress users, action required on MainWP Child WordPress plugin vulnerability

Website owners using the popular MainWP Child WordPress plugin need to upgrade the plugin immediately to avoid a serious security vulnerability on their sites.

What is the MainWP Child WordPress plugin?

MainWP Child WordPress plugin is a popular plugin used predominantly by administrators operating a number of WordPress sites. It allows users to to control various WordPress installations across different hosting environments and locations.

Its main selling point, although it is a free download, is the ability to update all WordPress installs, plugins and themes for multiple sites from a single dashboard.

WordPress believes the plugin has more than 90,000 active installations at present.

What's the problem?

MainWP Child WordPress plugin is subject to a serious privilege escalation vulnerability. The vulnerability allows an attacker to log into the website without needing to enter a password. In other words, the security mechanism stopping someone from editing, deleting or attacking websites using the plugin is not working.

What should you do?

You need to immediately upgrade MainWP Child WordPress to that latest version, which is version 2.0.9.2. That updated version was released last Friday and fixes the security issue outlined above.

You can use WPScan to check whether your website is affect by this and other security vulnerabilities.

Please also consider sharing this post. WordPress believes that only around one in every nine sites currently using the plugin have upgraded to the secure version, so there are a lot of vulnerable websites out there at the moment.

- See more at: http://old.tibcom-win.virtual.tibus.net/Blog/Articles/March-2015/Wordpress-users,-action-required-on-MainWP-Child-W#sthash.tTg7YXFe.dpuf

Wordpress users, action required on MainWP Child WordPress plugin vulnerability

What is the MainWP Child WordPress plugin?

What's the problem?

What should you do?

Belfast

Dublin

London