Critical Vulnerability Patched in Convert Plus Plugin v 3.4.3

djbaxter

Critical Vulnerability Patched in Popular Convert Plus Plugin
Wordfence.com
May 29, 2019

Affected Plugin: Convert Plus
Plugin Slug: convertplug
Affected Versions: <= 3.4.2
Patched Version: 3.4.3

On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an estimated 100,000 active installs. This flaw allowed unauthenticated attackers to register new accounts with arbitrary user roles, up to and including Administrator accounts. We disclosed this issue privately to the plugin’s development team, who released a patch just a few days later.

Convert Plus (formerly convertplug) versions up to 3.4.2 are vulnerable to attacks against this flaw. All Convert Plus users should update to version 3.4.3 immediately, as this is a critical security issue.