Description
WordPress Plugin Convert Plus is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently register new accounts with Administrator privileges. WordPress Plugin Convert Plus version 3.4.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.3 or latest
References
Related Vulnerabilities
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)
WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)