VYPR

Convertplug

by WordPress

CVEs (5)

  • CVE-2024-3240HigMay 4, 2024
    risk 0.57cvss 8.8epss 0.01

    The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated…

  • CVE-2024-13800HigFeb 12, 2025
    risk 0.53cvss 8.1epss 0.00

    The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for…

  • CVE-2024-4838HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated…

  • CVE-2019-15863HigSep 3, 2019
    risk 0.49cvss 7.5epss 0.02

    The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.

  • CVE-2024-3237MedMay 4, 2024
    risk 0.35cvss 5.4epss 0.00

    The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level…