42 matches found
CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
EUVD-2022-53926
Malicious code in bioql PyPI...
EUVD-2023-12497
Malicious code in bioql PyPI...
CVE-2023-0443
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The connected sources confirm CVE-2022-4974 concerns the Freemius SDK used in WordPress plugins/themes, with a root cause of missing capability checks and nonce protection in the functions _get_debug_log, _get_db_option, and _set_db_option. Versions up to and including 2.4.2 are vulnerable to Cro...
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
WordPress plugin Freemius SDK 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-11911 · Freemius · Freemius Sdk
Name of the Vulnerable Software and Affected Versions: Freemius SDK versions up to, and including 2.4.2 Freemius SDK versions prior to 2.4.3 Description: The issue concerns Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the...
VulnCheck KEV: CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
WordPress Simple Freemius Shop Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software Simple Freemius Shop Type Plugin Vulnerable versions = 1.5.0 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c608c52e1a65 Credits Rafie Muhammad Patchstack...