ThreatPress

WordPress Vulnerabilities Database

WordPress ConvertPlus plugin <= 3.4.2 - Unauthenticated Arbitrary User Role Creation vulnerability

Product
ConvertPlus
Description
An unauthenticated arbitrary user role creation vulnerability was found by Wordfence in the WordPress ConvertPlus plugin (versions <= 3.4.2).
Solution
Update the WordPress ConvertPlus plugin to the latest available version (at least 3.4.3).
Classification
Type: BYPASS
OWASP Top 10: A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 3.4.2
Fixed In: 3.4.3
Disclosure date
2019-06-11
Credits
Wordfence
Submitter
ThreatPress