What the vulnerability does
Description
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
The MainWP Wordfence Extension through version 4.0.7 lacks proper authorization checks, allowing authenticated users with low privileges to read and modify sensitive security settings. An attacker with a low-privilege account can access Wordfence configuration data and make unauthorized changes to security policies without higher-level permission verification.
What an attacker can do
Read and modify Wordfence security settings with a low-privilege account.
Potential impact on your site
Low-privilege users can view and alter critical security configurations, potentially weakening site defenses.
Conditions required to exploit
Attacker must have a low-privilege authenticated account on the MainWP site.