CVE-2024-10783
📋 TL;DR
This vulnerability allows unauthenticated attackers to gain administrator access on WordPress sites running MainWP Child plugin versions up to 5.2 when the plugin is installed but not yet connected to the MainWP Dashboard. Only sites with MainWP Child in an unconfigured state and without the unique security ID feature enabled are affected.
💻 Affected Systems
- MainWP Child WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrator privileges, allowing data theft, malware injection, or site destruction.
Likely Case
Unauthenticated attackers gaining administrator access to vulnerable WordPress installations.
If Mitigated
No impact if plugin is properly configured or patched.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill once vulnerability details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3
Vendor Advisory: https://wordpress.org/plugins/mainwp-child/
Restart Required: No
Instructions:
1. Update MainWP Child plugin to version 5.3 or higher via WordPress admin panel.
2. Verify plugin is updated to at least 5.3.
3. Ensure unique security ID feature is enabled for additional protection.
🔧 Temporary Workarounds
Enable unique security ID
Enable the unique security ID feature in MainWP Child settings to prevent exploitation
Connect to MainWP Dashboard
Complete the connection to MainWP Dashboard to remove the vulnerable state
🧯 If You Can't Patch
- Immediately connect MainWP Child to MainWP Dashboard if using the plugin
- Disable or remove MainWP Child plugin if not actively used
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for MainWP Child plugin version. If version ≤5.2 AND plugin is not connected to MainWP Dashboard AND unique security ID is disabled, system is vulnerable.
Check Version:
wp plugin list --name=mainwp-child --field=version
Verify Fix Applied:
Verify MainWP Child plugin version is ≥5.3 OR plugin is connected to MainWP Dashboard OR unique security ID is enabled.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated POST requests to register_site function
- Sudden administrator account creation or privilege changes
Network Indicators:
- HTTP POST requests to WordPress admin-ajax.php or similar endpoints with MainWP Child parameters
SIEM Query:
source="wordpress.log" AND ("register_site" OR "mainwp-child") AND status="200" AND user="-"
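The SIEM query above, turned into a small offline log triage script. This is an added example, not code from MainWP or from this advisory's author; it assumes Apache/nginx "combined" format logs where the third field carries an authenticated user (or "-" when none), and the sample lines and the `action=` query value are constructed for illustration.

```python
import re

# Assumption: Apache/nginx "combined" log format; the user field is "-" when
# the request carried no authenticated user (matches user="-" in the SIEM query).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Markers taken from the advisory's SIEM query.
MAINWP_MARKERS = ("register_site", "mainwp-child")

# Constructed sample traffic (RFC 5737 test addresses); the action value is
# illustrative, not the plugin's real parameter name.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Dec/2024:10:15:01 +0000] "POST /wp-admin/admin-ajax.php?action=mainwp_child_register_site HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.10 - - [01/Dec/2024:10:15:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "curl/8.4"
198.51.100.7 - admin [01/Dec/2024:10:20:00 +0000] "POST /wp-admin/admin-ajax.php?action=mainwp_child_register_site HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Dec/2024:10:25:00 +0000] "POST /?mainwp-child=1 HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return the parsed fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(rec):
    """Mirror the advisory's query: a successful, unauthenticated POST carrying MainWP Child markers."""
    path = rec["path"].lower()
    return (
        rec["method"] == "POST"
        and rec["status"] == "200"
        and rec["user"] == "-"
        and any(marker in path for marker in MAINWP_MARKERS)
    )


def find_suspicious(log_text):
    """Return (ip, timestamp, path) for every line that should be triaged."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append((rec["ip"], rec["ts"], rec["path"]))
    return hits


if __name__ == "__main__":
    for ip, ts, path in find_suspicious(SAMPLE_LOG):
        print(f"[triage] {ts} {ip} POST {path}")
```

A hit is only a lead: correlate it with the plugin version check above and with the administrator-creation indicator before treating it as a compromise.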
🔗 References
- https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-child.php#L76
- https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-connect.php#L69
- https://plugins.trac.wordpress.org/browser/mainwp-child/tags/5.2/class/class-mainwp-connect.php#L788
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197586%40mainwp-child&new=3197586%40mainwp-child&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/mainwp-child/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9156e536-a58e-4d78-b136-af8a9613ee23?source=cve