cbcvebase.
CVE-2024-10783
published 2024-12-13

CVE-2024-10783: The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a…

PriorityP261high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EXPLOIT
EPSS
2.30%
81.2th percentile
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note versions up to 5.3.3 contained a patch, though a bypass was discovered and not addressed until version 5.3.4.

Affected

1 ranges
VendorProductVersion rangeFixed in
mainwpmainwp_child_securely_connects_to_the_mainwp_dashboard_to_manage_multiple_sites<= 5.3.3

Detection & IOCsextracted from sources · hover to see the quote

urlPOST / HTTP/1.1 with body: function=register&user=admin&pubkey=
path/wp-content/plugins/mainwp-child/
  • Detect unauthenticated POST requests to the WordPress root (/) with body parameter 'function=register' and an empty 'pubkey=' field — this is the exploit trigger for the MainWP Child auth bypass.
  • A successful exploit results in a 'wordpress_logged_in' cookie being set in the HTTP response headers without prior authentication.
  • Confirm administrator access post-exploitation by checking for 'Howdy, admin' string in the /wp-admin/index.php response body with HTTP 200 status.
  • Presence of the MainWP Child plugin can be fingerprinted via the path /wp-content/plugins/mainwp-child/ in page source.
  • The vulnerable code path is in the register_site / register function within class-mainwp-connect.php; audit calls to this function for missing authorization checks.
  • ·Vulnerability is ONLY exploitable when the MainWP Child plugin has NOT yet been connected to a MainWP Dashboard AND the 'Require unique security ID' option is disabled (disabled by default). Already-connected sites are NOT affected.
  • ·Versions up to 5.3.3 contained an incomplete patch; a bypass was discovered and not fully addressed until version 5.3.4. Ensure upgrade targets 5.3.4 or later.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.