WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to Broken Access Control

Software ConvertPlus Type Plugin Vulnerable versions = 3.5.25 Fixed in 3.5.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5a31149e9135 Credits M.Awad Required privilege...

WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to PHP Object Injection

Software ConvertPlus Type Plugin Vulnerable versions = 3.5.25 Fixed in 3.5.26 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3240 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 5120b9c81ed3 Credits 1337Wannabe Required privilege...

WordPress ConvertPlus Plugin Input Validation Error Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ConvertPlus is a popup plugin used in it. A security vulnerability exists in WordPress ConvertPlus plugin versions prior to 3.4.5. No...

CVE-2019-15863

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...

CVE-2019-15863

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...

Cross site request forgery (csrf)

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...

CVE-2019-15863

CVE-2019-15863 affects the WordPress ConvertPlus plugin prior to version 3.4.5. The vulnerability allows unintended account creation (with the none role) via a request for variants, enabling an unauthorized user to create accounts through the plugin’s variant request flow. Impact is user creation...

CVE-2019-15863

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...

WordPress ConvertPlus plugin <= 3.4.4 - Multiple Security Issues and vulnerabilities

Multiple Security Issues and vulnerabilities found in WordPress ConvertPlus plugin versions = 3.4.4. Solution Update the WordPress ConvertPlus plugin to the latest available version at least 3.4.5...

WordPress ConvertPlus plugin <= 3.4.2 - Unauthenticated Arbitrary User Role Creation vulnerability

Unauthenticated Arbitrary User Role Creation vulnerability found by WordFence in WordPress ConvertPlus plugin versions = 3.4.2. Solution Update the WordPress ConvertPlus plugin to the latest available version at least 3.4.3...

ConvertPlus <= 3.4.4 - Multiple Issues

According to the changelog: 3.4.5 - Security: User with none role gets created on form submission by curl request for variants. 3.4.4 - Improved sanitization, escaping and other security improvements...

ConvertPlus <= 3.4.2 - Unauthenticated Arbitrary User Role Creation

The convertplug WordPress plugin was affected by an Unauthenticated Arbitrary User Role Creation security vulnerability...