Critical Vulnerability Patched in Convert Plus Plugin v 3.4.3

djbaxter

Critical Vulnerability Patched in Popular Convert Plus Plugin
Wordfence.com
May 29, 2019

Affected Plugin: Convert Plus
Plugin Slug: convertplug
Affected Versions: <= 3.4.2
Patched Version: 3.4.3

On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an estimated 100,000 active installs. This flaw allowed unauthenticated attackers to register new accounts with arbitrary user roles, up to and including Administrator accounts. We disclosed this issue privately to the plugin’s development team, who released a patch just a few days later.

Convert Plus (formerly convertplug) versions up to 3.4.2 are vulnerable to attacks against this flaw. All Convert Plus users should update to version 3.4.3 immediately, as this is a critical security issue.