Important Security Update: MainWP Child Reports Plugin Vulnerability Patched

Recently a security issue that affected the MainWP Child Reports plugin was discovered, which was promptly addressed by our team. The Wordfence Intelligence team identified a vulnerability in the plugin, which impacts all versions up to and including 2.2. This vulnerability could potentially be exploited through Cross-Site Request Forgery (CSRF), posing a risk ONLY to multisite WordPress instances.

Understanding the Vulnerability

Lack of a proper nonce validation could allow unauthenticated attackers to update arbitrary options on a WordPress Multisite site, potentially leading to privilege escalation. To exploit this vulnerability, an attacker would need to trick a site administrator into performing an action, such as clicking a malicious link. Importantly, this vulnerability only affects multisite WordPress setups.

Swift Response and Resolution

Upon receiving the report from Wordfence team, our team acted quickly and efficiently, releasing a patched version of the plugin within 24 hours which was then verified by the Wordfence team as tested and resolved.

This rapid response underscores our commitment to the security and safety of our users. We strongly encourage all users to update the MainWP Child Reports plugin to the latest version to ensure their sites remain secure.

Steps for Users

To protect your sites update the MainWP Child Reports plugin to version 2.2.1.

Commitment to Security

At MainWP, the security of your websites is our top priority. We are grateful to the Wordfence Intelligence team for identifying this issue and assisting us in resolving it swiftly. We remain committed to working diligently to protect our community from potential threats.