WordPress Plugins and Themes vulnerability: March Edition

vyasvyas OGRetired
edited March 2022 in WordPress

This is the Motherload

https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a

From the post

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.

Thanked by (3)bikegremlin Ympker level6
Tagged:
Sign In or Register to comment.