10 matches found
EUVD-2022-53926
Malicious code in bioql PyPI...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
CVE-2022-4974
The connected sources confirm CVE-2022-4974 concerns the Freemius SDK used in WordPress plugins/themes, with a root cause of missing capability checks and nonce protection in the functions _get_debug_log, _get_db_option, and _set_db_option. Versions up to and including 2.4.2 are vulnerable to Cro...
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
VulnCheck KEV: CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
VulnCheck KEV: CVE-2023-33999
Freemius SDK for WordPress is vulnerable to a reflected cross site scripting vulnerability due to improper sanitization...