Description
WordPress Plugin Convert Plus is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently register new accounts with Administrator privileges. WordPress Plugin Convert Plus version 3.4.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.3 or latest
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Security Bypass (4.1)
WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)
WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040)