CVE-2024-1642

Name of the Vulnerable Software and Affected Versions MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress versions up to, and including, 4.6.0.1

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the posting bulk function. This allows unauthenticated attackers to delete arbitrary posts via a forged request if they can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 4.6.0.1, update to a version that includes the fix for the nonce validation issue in the posting bulk function. As a temporary workaround, consider restricting access to the posting bulk function until a patch is available.