WordPress Plugins and Themes vulnerability: March Edition

vyasvyas OGContent Writer
edited March 2022 in WordPress

This is the Motherload


From the post

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.

VPS reviews | | MicroLXC | English is my nth language.

Thanked by (3)bikegremlin Ympker level6
Sign In or Register to comment.

This Site is currently in maintenance mode.
Please check back here later.

→ Site Settings