Critical security vulnerability found in Convert Plus plugin

For the second time in the last 2 weeks, a popular WordPress plugin has been discovered to contain a critical security vulnerability, allowing hackers to extend their permissions to admin control in WordPress.

The plugin is Convert Plus, a business lead tool that is currently actively installed on over 100,000 WP sites, and it contains an “unauthenticated admin creation” issue. If attackers gain access, they can create new WordPress users with different user roles up to administrator, giving them full access to the site, including deleting other users, deleting content, injecting scripts into the themes or plugins and much more.

Those using the Convert Plus plugin on version 3.4.2 should update to version 3.4.3 as soon as possible to patch the vulnerability and avoid potential hacking of the site and the site’s hosting server.

The vulnerability was found on 24 May and an update patch was released on 28 May.
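Because the flaw lets an attacker create administrator accounts, updating alone does not remove accounts created before the patch was applied. The following is an added example, not code from the plugin or its vendor: two shell helpers that check an installed version against 3.4.3 and flag administrator logins registered on or after a cutoff date, reading the CSV produced by `wp user list --role=administrator --fields=user_login,user_registered --format=csv`. Treating every version below 3.4.3 as affected, the function names, the allowlist and the sample rows (including their years) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for a site that ran a vulnerable Convert Plus build.
PATCHED_VERSION="3.4.3"   # fixed release named in the article

# Succeeds (exit 0) when the installed version is older than the patched one.
# Assumption: every release below 3.4.3 is treated as affected.
needs_update() {
    nu_installed="$1"
    if [ "$nu_installed" = "$PATCHED_VERSION" ]; then return 1; fi
    # sort -V orders version strings; the oldest one comes out first.
    nu_lowest=$(printf '%s\n%s\n' "$nu_installed" "$PATCHED_VERSION" | sort -V | head -n 1)
    [ "$nu_lowest" = "$nu_installed" ]
}

# Reads administrator CSV rows on stdin and prints every login that was
# registered on or after the cutoff (YYYY-MM-DD) and is not in the
# space-separated allowlist of administrators you recognise.
suspect_admins() {
    sa_cutoff=$(printf '%s' "$1" | tr -cd '0-9')
    sa_known=" $2 "
    # WP-CLI quotes CSV fields that contain spaces; drop quotes and CRs first.
    tr -d '"\r' | while IFS=, read -r sa_login sa_registered; do
        if [ -z "$sa_login" ] || [ "$sa_login" = "user_login" ]; then
            continue                      # blank line or header row
        fi
        case "$sa_known" in *" $sa_login "*) continue ;; esac
        # Keep only the date part and compare it as the integer YYYYMMDD.
        sa_day=$(printf '%s' "${sa_registered%% *}" | tr -cd '0-9')
        if [ -n "$sa_day" ] && [ "$sa_day" -ge "$sa_cutoff" ]; then
            printf '%s\n' "$sa_login"
        fi
    done
}

# Constructed sample rows (not from a real site; the years are placeholders).
SAMPLE_CSV='user_login,user_registered
siteowner,"2017-03-02 09:14:51"
editor_admin,"2018-11-20 16:40:03"
wpsupport01,"2019-05-26 02:11:37"'
```

Any login the second helper prints should be reviewed by hand before removal, since the registration date alone does not prove the account is malicious.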

Last week, security analysts found another vulnerability in a WordPress plugin, Slick Popup.

If you are experiencing issues with your WordPress site, or you wish to improve your site’s security, speed and SEO ranking and receive specialist WordPress support should the worst happen, all these and more are included with every WP Sanctuary plan. Start a plan today for a free migration onto our next-generation WordPress maintenance and management plans.
