WordPress Plugins and Themes vulnerability: March Edition

vyasvyas OGContent Writer
edited March 1 in WordPress

This is the Motherload


From the post

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.

VPS reviews | | MicroLXC | English is my nth language.

Thanked by (3)bikegremlin Ympker level6
Sign In or Register to comment.