Description
WordPress Plugin WPMktgEngine is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently turn on user registration. WordPress Plugin WPMktgEngine version 3.7.6 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Background Music Cross-Site Scripting (1.0)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.2)
WordPress Plugin Pinterest Badge Cross-Site Scripting (1.9.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.0.77.3)
WordPress Plugin Ultimate Member-User Profile & Membership Cross-Site Scripting (2.0.10)