cleantalk
Vulnerabilities and Security Researches

ManageWP Worker, 789a6ab801477af9ad5fe7f355a0f14114bd6d5f

CVE, Research URL

789a6ab801477af9ad5fe7f355a0f14114bd6d5f

Home page URL

Security reports for ManageWP Worker

Application

ManageWP Worker

Published on
Feb 11, 2020
Research Description
ManageWP Worker [worker] < 4.9.3 Manage WP Worker <= 4.9.2 - Authentication Bypass The Manage WP Worker plugin for WordPress is vulnerable to authentication bypass in versions up to, and including 4.9.2, due to the use of global keys that every installation of Manage WP worker uses for signature verification. This makes it possible to specially craft a request that can be used to auto-login as any user on any WordPress site running the plugin.
Affected versions
Min -, max 4.9.3.
Status
vulnerable
Previous vulnerability researches
Management App for WooCommerce &#8211; Order notifications, Order management, Lead management, Uptime Monitoring (CVE-2024-1205) , Jun 07, 2024
ManageWP Worker , Jan 29, 2025
ManageWP Worker (789a6ab801477af9ad5fe7f355a0f14114bd6d5f) , Jun 06, 2024
New vulnerability
Clinked Client Portal (CVE-2025-32615) , Apr 17, 2025
Kadence WooCommerce Email Designer (CVE-2025-39557) , Apr 17, 2025
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag &amp; Drop WP Form Builder (CVE-2025-3615) , Apr 17, 2025
Doppler Forms (CVE-2025-32620) , Apr 17, 2025
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log (CVE-2025-39544) , Apr 17, 2025