CVE-2024-10783

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 13, 2024
CWE ID 862

Summary

CVE-2024-10783 is a privilege escalation vulnerability affecting the MainWP Child – Securely Connects to the MainWP Dashboard plugin for WordPress. In all versions up to 5.2, the register_site function is missing authorization checks, which allows unauthenticated attackers to log in as an administrator when a site is left in an unconfigured state. The vulnerability only impacts sites that have MainWP Child installed but not yet connected to the MainWP Dashboard, and that do not have the unique security ID feature enabled. A partial patch is available in version 5.2.1; the complete fix is in version 5.3.
