Skip to main content

Convertplus

2 CVEs product

Monthly

CVE-2024-13800 HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Denial Of Service Convertplus
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2019-15863 HIGH This Week

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Convertplus
NVD
CVSS 3.0
7.5
EPSS
1.6%
EPSS 0% CVSS 8.1
HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Convertplus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy