A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges. […]
Click here for original story, Convert Plus Plugin Flaw Lets Attackers Become a WordPress Admin
Source: Bleeping Computer