CVE-2024-3237

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function [1]. This vulnerability affects all versions up to, and including, 3.5.25. The function does not properly verify user permissions before processing a request, allowing any authenticated user, including those with subscriber-level access, to call it [1].

The attack requires the attacker to be logged into WordPress with at least a subscriber account. The cp_dismiss_notice() function can be exploited to update arbitrary option values to true [1]. Since the function lacks a capability check, an attacker can craft a request that modifies site options without authorization [1].

The impact is that an attacker can change arbitrary WordPress option values to true. This could be used to alter site behavior, enable debug modes, or modify other sensitive settings, potentially leading to further compromise [1].

As of the publication date, the vendor has not released a patched version. Users are advised to update the plugin as soon as a fix becomes available [1].