Freemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes
CVE-2022-4974
6.3MEDIUM
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 16 October 2024
What is CVE-2022-4974?
The Freemius SDK, utilized by numerous WordPress plugin and theme developers, is susceptible to security flaws that permit Cross-Site Request Forgery and information disclosure. This is attributed to the absence of adequate capability checks and nonce protection measures on critical functions such as _get_debug_log, _get_db_option, and _set_db_option. Versions of the Freemius SDK prior to 2.4.3 exhibit these vulnerabilities, making any WordPress plugin or theme utilizing these versions susceptible to exploitation.
Affected Version(s)
3D Viewer โ 3D Model Viewer Plugin * < 1.2.7
A no-code page builder for beautiful performance-based content * < 2.1.17
Abeta Link PunchOut *