Vulnerability in WordPress Plugin Allows Hackers to take full control of website

WordPress’s MainWP Child Plugin has vulnerability… and it is very much exploitable.

Researchers at Sucuri have identified a vulnerability in the MainWP Child plugin for WordPress, which according to them is potentially exploitable and can allow hackers to fully control any website.

Mickael Nadeau, Sucuri’s security and vulnerability researcher, revealed the finding in his blog post on Monday.

 “This vulnerability allows anyone to login as an administrator only by knowing the target user’s handle (password bypass). It is very simple to exploit and a big deal as security tools like WPScan already automate the process of grabbing a list of usernames from WordPress sites.”

vulnerability-in-wordpress-plugin-allows-hackers-to-take-full-control-of-website

The developers have been notified by Sucuri about this problem and they have spontaneously addressed it in WordPress’s version2.0.9.2. This plugin is used as a remote administration tool by users and it already has been installed around 90,000 times. Users are now being urged by developers to get the plugin updated.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.