Description
WordPress Plugin WPMktgEngine is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently turn on user registration. WordPress Plugin WPMktgEngine version 3.7.6 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Donorbox-Free Recurring Donation Form Cross-Site Scripting (7.1.1)
WordPress Plugin Keep Backup Daily Unspecified Vulnerability (2.0.3)
WordPress Plugin Local Weather Cross-Site Scripting (1.0)
WordPress Plugin Exit Popups & Onsite Retargeting by OptiMonk Cross-Site Scripting (1.2.5)
WordPress Plugin WP Ultimate Email Marketer Multiple Vulnerabilities (1.1.0)