MainWP Child 2.0.9.2 contains a critical security update, and you should update all your Child sites as soon as possible. You can update all your Child sites directly through your MainWP dashboard (be sure to Sync your sites to see the available update), or download the MainWP Child manually here.
Yesterday we were contacted by the Sucuri Labs team regarding a vulnerability that would allow attackers to log into any account without requiring the password as long as they know the accounts username.
Fortunately, we have no reports of the vulnerability being used in the wild. However, now that this update is public, it’s just a matter of time before people are trying. To avoid any issues, you should update your Child sites as soon as possible.
We do our best to find and fix security issues as soon as they are discovered and we want to thank the the Sucuri Labs team for bringing this one to our attention, using responsible disclosure. We also encourage other coders and security experts to use our White Hat Reward program to help provide the most secure experience possible to our users.
On a personal note, I do apologize the inconvenience and I understand that an issue like this requiring a quick update can be stressful but I can promise when an issue, such as this is reported, you can count on us to do all that we can to keep you and your sites protected.
If you have any questions please submit a ticket in the MainWP Support Portal and I will do my best to provide any answer.
Thanks for using MainWP,
Dennis
1 thought on “MainWP Critical Child Security Update”
Thank you guys for this, done! 🙂
Comments are closed.