
ConvertPlus 3.5.23

Original price was: 44.99 $. Current price is: 1.95 $.

  • INR: ₹ 183.27
  • AUD: 2.79 $
  • EUR: 1.68 €
  • GBP: 1.45 £

Version: 3.5.23
Updated: Aug 10, 2021
Developer Live Preview: Codecanyon

Description

ConvertPlus

ConvertPlusWP Real Media Library is a WordPress plugin that allows you to easily manage your media library in your blog.

For full details and features, check out the sales page.

A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges.

The problem stems from lack of filtering when processing a new user subscription via a form supplied by the plugin.

Hidden admin value

Convert Plus, formerly Convert Plug, was created to make websites more engaging and to call visitors to action.

The intended effect is to increase the user base and sales conversions, and it is achieved through various call-to-action elements on the page.

To handle new subscribers, administrators can set up a form and define the role assigned to new users. The administrator role is not among the options, as the plugin keeps it off the list available in the drop-down menu.

Researchers at Defiant discovered that vulnerable versions of the Convert Plus plugin made the administrator role available through a hidden field called “cp_set_user.”

“Because this value is supplied by the same HTTP request as the rest of the subscription entry, it can be modified by the user,” explains Michael Veenstra, threat analyst at Defiant.

Without filtering of new subscriptions, an attacker can submit the form with the value of “cp_set_user” changed to “administrator”, thus creating a new user with top privileges on the website.

A random password is associated with the new account, but the attacker can request a password reset to learn the login code.
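
The root cause described above is that the role travels in the request instead of staying on the server. The following is an added example, not Convert Plus code and not part of the original page, contrasting the trusted-field pattern with a server-side allowlist; only the field name cp_set_user comes from the article, while the function names, the new_user_role config key and the role list are assumptions.

```php
<?php
// Added example: hypothetical handler logic, not Convert Plus source code.
// Only the field name cp_set_user comes from the article; the rest is assumed.

// Roles an administrator may choose for subscribers (assumed drop-down contents).
const ALLOWED_SUBSCRIBER_ROLES = ['subscriber', 'contributor', 'author', 'editor'];

// Vulnerable pattern described above: the role is read from the request itself.
function resolve_role_vulnerable(array $post): string
{
    return $post['cp_set_user'] ?? 'subscriber';
}

// Hardened pattern: the role comes from configuration stored on the server and
// is checked against an allowlist; the request is never consulted for it.
function resolve_role_hardened(array $formConfig): string
{
    $role = $formConfig['new_user_role'] ?? 'subscriber';
    if (!in_array($role, ALLOWED_SUBSCRIBER_ROLES, true)) {
        $role = 'subscriber'; // fail closed to the lowest privilege
    }
    return $role;
}

// True when a submitted field disagrees with the server-side role: worth logging.
function role_field_tampered(array $post, string $serverRole): bool
{
    return isset($post['cp_set_user']) && $post['cp_set_user'] !== $serverRole;
}

// Constructed sample submissions (not captured traffic).
$formConfig = ['new_user_role' => 'subscriber'];
$samples = [
    'unmodified form' => ['email' => 'reader@example.com', 'cp_set_user' => 'subscriber'],
    'modified field'  => ['email' => 'other@example.com', 'cp_set_user' => 'administrator'],
    'field absent'    => ['email' => 'third@example.com'],
];

foreach ($samples as $label => $post) {
    $weak = resolve_role_vulnerable($post);
    $safe = resolve_role_hardened($formConfig);
    $flag = role_field_tampered($post, $safe) ? 'yes' : 'no';
    printf("%-16s trusted-field=%-13s server-side=%-10s tampered=%s\n", $label, $weak, $safe, $flag);
}
```

The allowlist check also covers a misconfigured form: if the stored role is ever set to a value outside the list, new accounts fall back to the lowest privilege.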


BEFORE BUYING
OUR BUSINESS HOURS ARE MONDAY TO FRIDAY FROM 10:00 AM TO 6:00 PM (GMT-5.30). ANY REQUEST MADE OUTSIDE THESE HOURS WILL BE ANSWERED ON THE NEXT BUSINESS DAY. UPDATES CAN TAKE 24 TO 48 HOURS. SUPPORT PROVIDED IS FOR PRODUCT INSTALLATION. PLEASE BE AWARE OF POSSIBLE TIME ZONE DIFFERENCES WHEN WAITING FOR OUR REPLY.

Updates:

  • To receive an email notification when products have been updated, be sure to click on the notification button below the product image.
  • On a standalone item, you will get lifetime updates. If you choose a membership, updates and access to your items will be available as long as your membership is active.
  • We regularly update products as soon as we are notified about an update: we download it from the author and update it on our site. If the current version of the product is not the latest, you can request an update for the product.
  • We send regular emails advising when products have been updated so please be sure to provide an active email address when you sign up.

Support:

  • If you have any question or need help installing products purchased on our website, please don’t hesitate to contact us.
  • Please note that we are not developers of the provided products, so our technical support capabilities are limited. We do not change product functionality and do not fix developer bugs.
  • We don’t offer any additional author services like author’s support and license keys, and we are not affiliated or in any way related to third-party developers or trademark owners.

Abuse Warning:

  • Please note that accounts are monitored and redistribution of our content is not allowed and will not be tolerated.
  • Our system may detect patterns of downloading items from non-end users outside of our fair use policy.
  • Any violation of our terms of use will result in permanent account suspension and no refunds will be issued.
  • Subscriptions can be cancelled at any time from your account control panel.
  • Downloads are strictly subject to our fair use policy.
