WordPress ConvertPlus plugin <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Broken Access Control
- Score:
- 8.1
References
PatchStack
CVE
Timeline
- Publicly Published
- 2025-02-11
- Created
- 2025-02-11
WordPress ConvertPlus plugin <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- PHP Object Injection
- Score:
- 7.5
WordPress ConvertPlug plugin <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Broken Access Control
- Score:
- 5.4
WordPress ConvertPlug plugin <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- PHP Object Injection
- Score:
- 8.5