PT-2024-16542 · MainWP · MainWP Dashboard (+1)

Authors: Sean Murphy (+2)

Published: 2024-12-13 · Updated: 2024-12-17

CVE-2024-10783

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MainWP Child plugin versions prior to 5.3

Description: The MainWP Child plugin for WordPress is vulnerable to privilege escalation due to a missing authorization check on the register site function when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. The vulnerability only affects sites that have MainWP Child installed, have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled.

Recommendations:
- For versions prior to 5.2: update to version 5.3 to fully resolve the issue.
- For version 5.2.1: although a partial patch is included, it is recommended to update to version 5.3 for the complete patch.
- As a temporary workaround, consider disabling the register site function until a patch is available.
- Restrict access to the MainWP Child plugin to minimize the risk of exploitation.
- Avoid using the plugin in an unconfigured state until the issue is resolved.
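The three conditions the advisory names (version below 5.3, not yet connected to a Dashboard, no unique security ID set) are easy to turn into a fleet triage check. The shell helper below is an added example, not code from the advisory or from MainWP; the plugin slug `mainwp-child` and the option names `mainwp_child_pubkey` and `mainwp_child_uniqueId` used in the WP-CLI usage lines are assumptions about how MainWP Child stores its state.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-10783 (not MainWP code). Classifies one
# MainWP Child install from: plugin version, the stored dashboard key
# ("" when never connected) and the unique security ID ("" when unset).

# version_lt A B -> exit 0 when dot-separated version A is lower than B.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# classify_mainwp_child VERSION DASHBOARD_KEY UNIQUE_ID
# Prints one verdict. An empty VERSION is treated as unknown, i.e. vulnerable.
classify_mainwp_child() {
  version="$1"; dashboard_key="$2"; unique_id="$3"
  if ! version_lt "$version" "5.3"; then
    echo "patched"
  elif [ -n "$dashboard_key" ] || [ -n "$unique_id" ]; then
    # Vulnerable code is present, but the advisory's exposure conditions
    # (unconnected AND no security ID) do not both hold. Still update.
    echo "vulnerable-version-not-currently-exposed"
  else
    echo "EXPOSED-update-to-5.3-now"
  fi
}

# Live use on a WordPress host with WP-CLI (option names are assumptions):
#   v=$(wp plugin get mainwp-child --field=version)
#   k=$(wp option get mainwp_child_pubkey 2>/dev/null || true)
#   u=$(wp option get mainwp_child_uniqueId 2>/dev/null || true)
#   classify_mainwp_child "$v" "$k" "$u"
if [ $# -ge 1 ]; then
  classify_mainwp_child "$1" "${2:-}" "${3:-}"
fi
```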

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers: CVE-2024-10783

Affected Products: MainWP Child, MainWP Dashboard