WordPress Plugins and Themes vulnerability: March Edition

vyasvyas OG
edited March 2022 in WordPress

This is the Motherload


From the post

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.

Squats are the new Push-ups

Thanked by (3)bikegremlin Ympker level6
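The two missing checks named in the quoted advisory (a CSRF nonce and an authorisation check on AJAX actions), shown on a WordPress AJAX handler as an added example. It is not code from the post or from Freemius, and the action names, option keys and function names are hypothetical.

```php
<?php
// Hypothetical plugin code: action names, option keys and function names are
// illustrative assumptions, not identifiers from the Freemius SDK.

// Weak pattern (not registered here): a wp_ajax_* hook only guarantees that
// the caller is logged in. A subscriber can read the log, and a forged
// cross-site request sent by an admin's browser can flip the option.
function example_get_debug_log_weak() {
    wp_send_json_success( get_option( 'example_debug_log', array() ) );
}
function example_toggle_debug_weak() {
    update_option( 'example_debug_mode', get_option( 'example_debug_mode' ) ? 0 : 1 );
    wp_send_json_success();
}

// Shared gate: nonce check for CSRF, capability check for authorisation.
function example_require_admin_request( $nonce_action ) {
    // Ends the request with 403 unless $_REQUEST['security'] holds a valid
    // nonce created with wp_create_nonce( $nonce_action ) for this user.
    check_ajax_referer( $nonce_action, 'security' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

function example_get_debug_log() {
    example_require_admin_request( 'example_get_debug_log' );
    wp_send_json_success( get_option( 'example_debug_log', array() ) );
}

function example_toggle_debug() {
    example_require_admin_request( 'example_toggle_debug' );
    // Take the target state from the request instead of flipping the stored
    // value, so repeating the same request is idempotent.
    $enable = isset( $_POST['enabled'] ) && '1' === $_POST['enabled'];
    update_option( 'example_debug_mode', $enable ? 1 : 0 );
    wp_send_json_success( array( 'debug' => $enable ) );
}

// Only the hardened handlers are hooked; no wp_ajax_nopriv_* variants exist.
add_action( 'wp_ajax_example_get_debug_log', 'example_get_debug_log' );
add_action( 'wp_ajax_example_toggle_debug', 'example_toggle_debug' );
```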