Description

WordPress Plugin Convert Plus is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create new accounts. WordPress Plugin Convert Plus version 3.4.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.4.5 or latest

References

https://www.convertplug.com/plus/changelog/

Related Vulnerabilities

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.2.2)

WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)

WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)

WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.1.9)

Severity

High

Classification

CVE-2019-15863 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Authentication Bypass