For the second time this week a WordPress plugin has been found vulnerable, this time allowing an attacker to gain administrative privileges in plugin Convert Plus.
Convert Plus, which has 100,000 active installs, is a commercial lead generation tool containing a critical-rated "unauthenticated administrator creation" flaw, according to Wordfence. If exploited, the flaw allows an attacker to create and register new accounts with various privilege levels up to administrator.
Those using Convert Plus version 3.4.2 need to immediately update to version 3.4.3, Wordfence said.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.