Vulnerabilities and security researches for worker

Jun 06, 2024

CVE, Research URL: 789a6ab801477af9ad5fe7f355a0f14114bd6d5f
Home page URL: Security reports for ManageWP Worker
Application: ManageWP Worker
Date: Feb 11, 2020
Research Description: ManageWP Worker [worker] < 4.9.3 Manage WP Worker <= 4.9.2 - Authentication Bypass The Manage WP Worker plugin for WordPress is vulnerable to authentication bypass in versions up to, and including 4.9.2, due to the use of global keys that every installation of Manage WP worker uses for signature verification. This makes it possible to specially craft a request that can be used to auto-login as any user on any WordPress site running the plugin.
Affected versions: Min -, max -.
Status: vulnerable

PSC, Research URL: PSC-2024-64551
Home page URL: Security reports for ManageWP Worker
Application: ManageWP Worker
Date: -
Research Description: The ManageWP Worker plugin, with over 1 million downloads, is a powerful tool for managing multiple WordPress websites from a single dashboard. It offers features such as automated backups, security monitoring, bulk updates, and website cloning. However, from a security standpoint, plugins with administrative control over multiple sites require strict scrutiny to ensure data integrity and prevent potential exploitation.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED