CVE-2024-10783

Published Dec 13, 2024

Last updated 2 months ago

CVSS high 8.1

Overview

Description
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-862

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10783 (Published: 2024-12-13) - High severity vulnerability in MainWP. Affects versions prior to 5.2. Remediation: Update to the latest version to secure your site. For details, check the code here: https://t.co/5MUjbs4y70 #WordPress #Security

    @transilienceai

    17 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10783 (Published: 2024-12-13) - High severity vulnerability in MainWP versions prior to 5.2. Exploitation can lead to serious security risks. 🛡️ Remediation: Update to the latest version immediately! For more details, check the code here: https://t.co/5MUjbs4y70… htt

    @transilienceai

    17 Dec 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP. Affects versions prior to 5.2. Remediation: Update to the latest version to secure your site. For more details, check the code here: https://t.co/IhuTLfWpdH #WordPress #Security

    @transilienceai

    17 Dec 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10783 (Published: 2024-12-13) - High severity vulnerability in MainWP versions prior to 5.2. This exploit affects the MainWP Child plugin. 🔒 Remediation: Update to the latest version to secure your site. For more details, check the code here: https://t.co/IhuTLfWpdH…

    @transilienceai

    17 Dec 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP versions prior to 5.2. Exploitation can lead to severe security risks. 🛡️ Remediation: Update to the latest version to safeguard your site. More details: https://t.co/IhuTLfWpdH #WordPress #Security

    @transilienceai

    17 Dec 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP. Affects versions prior to 5.2. Remediation: Update to the latest version to secure your site. For more details, check the code here: https://t.co/tcuRbzQNZM #WordPress #Security

    @transilienceai

    17 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP Child Plugin (versions affected: 5.2). Ensure your site is secure by updating to the latest version. For more details, check the remediation link: https://t.co/tcuRbzQNZM #WordPress #Security

    @transilienceai

    17 Dec 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2024-10783 (Published: 2024-12-13) 🚨 A critical vulnerability in MainWP affects versions prior to 5.2. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the code here: https://t.co/tcuRbzQNZM #WordPress #Security

    @transilienceai

    17 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP versions prior to 5.2. Exploitation can lead to severe security risks. 🛡️ Remediation: Update to the latest version immediately! For details, check the code here: https://t.co/tcuRbzQNZM #WordPress… htt

    @transilienceai

    17 Dec 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CVE-2024-10783 (Published: 2024-12-13) - Critical vulnerability in MainWP. Affects versions prior to 5.2. Remediation: Update to the latest version to secure your site. For details, check the code here: https://t.co/tcuRbzQNZM #WordPress #Security

    @transilienceai

    17 Dec 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References