WordPress website owners using the Convert Pro plugin are urged to take immediate action to address a critical Broken Access Control vulnerability, ensuring robust WordPress security and guarding against potential malware threats.

The security flaw was responsibly discovered and reported by Rafie Muhammad of Patchstack. The vulnerability stems from inadequate access control mechanisms within the Convert Pro plugin, providing an opportunity for attackers to gain unauthorized access to sensitive resources.


This Broken Access Control vulnerability in the Convert Pro plugin is classified as high severity, with a CVSS 3.1 score of 7.1.

Affected Versions:

The vulnerability affects all versions of the Convert Pro plugin up to and including version 1.7.5. Websites running these versions are at immediate risk.


If exploited, malicious actors could gain unauthorized access to restricted resources within the WordPress website. This could potentially lead to unauthorized data manipulation, website content tampering, and other malicious activities.


To safeguard the WordPress website and mitigate the risk of potential exploits, it is imperative to update the Convert Pro plugin to the latest available version (at least version 1.7.6) without delay.
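To find installs that still need this update, the following script reads the plugin header from each site's plugins directory and flags any Convert Pro copy below 1.7.6. It is an added example, not code from the advisory or the plugin vendor; it assumes the plugin's main file declares `Plugin Name: Convert Pro`, and the site paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: flag Convert Pro installs older than the fixed release.
FIXED_VERSION="1.7.6"   # first fixed version per the advisory (<= 1.7.5 affected)

# Return 0 when dotted version $1 is numerically lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = x[i] + 0; q = y[i] + 0   # missing fields count as 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1                            # equal versions are not lower
    }'
}

# Print "<STATUS> <version> <file>" for each Convert Pro copy under a
# WordPress root. The plugin is matched by its "Plugin Name:" header
# (assumed to be exactly "Convert Pro"), so the directory name does not matter.
check_convert_pro() {
    root=$1
    for f in "$root"/wp-content/plugins/*/*.php; do
        [ -f "$f" ] || continue
        header=$(head -n 40 "$f")
        printf '%s\n' "$header" |
            grep -Eiq '^[[:space:]/*#@]*Plugin Name:[[:space:]]*Convert Pro[[:space:]]*$' || continue
        ver=$(printf '%s\n' "$header" |
            sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' |
            head -n 1)
        if [ -z "$ver" ]; then
            status=UNKNOWN; ver="-"
        elif version_lt "$ver" "$FIXED_VERSION"; then
            status=VULNERABLE
        else
            status=OK
        fi
        printf '%s %s %s\n' "$status" "$ver" "$f"
    done
}

# Usage: sh check_convert_pro.sh /var/www/site1 /var/www/site2 ...
for root in "$@"; do
    check_convert_pro "$root"
done
```

A deactivated copy is still reported, since the check reads files on disk rather than the list of active plugins.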

In the realm of WordPress security, proactive measures are indispensable to protect against emerging threats and potential WordPress vulnerability exploits. By staying vigilant and promptly addressing vulnerabilities like this Broken Access Control flaw, site owners can establish a resilient WordPress security posture and enhance user trust.

Remember, maintaining up-to-date plugins is critical to preserving website integrity and safeguarding sensitive data. Act decisively to secure WordPress sites and create a safe digital environment for visitors and users.