Description
WordPress Plugin Remove WP Update Nags is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently perform a variety of the plugin's actions or even take over a website. WordPress Plugin Remove WP Update Nags version 1.3.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.0 or latest
References
https://github.com/Freemius/wordpress-sdk/commit/50a7ca3d921d59e1d2b39bb6ab3c6c7efde494b8
https://plugins.svn.wordpress.org/remove-wp-update-nags/trunk/readme.txt
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.30)
osTicket Other Vulnerability (CVE-2006-5407)
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)
WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)
WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0)