WordPress Plugin Vulnerabilities
Unauthorised AJAX Calls via Freemius
Description
The affected plugins and themes use an insecure version of the Freemius Framework, which lacks CSRF protection and/or authorisation checks in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.
Proof of Concept
To access debug logs, as any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=fs_get_debug_log
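For defenders checking whether this action has already been called on a site, the following added example (not part of the original advisory or of Freemius) scans web server access logs for requests to the debug-log action named above. It assumes Combined Log Format; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Action name taken from the advisory's proof of concept.
DEBUG_LOG_ACTION = "fs_get_debug_log"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_debug_log_requests(lines):
    """Return one dict per logged request that called the debug-log AJAX action."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes, so action=fs%5Fget%5Fdebug%5Flog still matches.
        if DEBUG_LOG_ACTION not in parse_qs(url.query).get("action", []):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"], "time": m["time"],
            "status": int(m["status"]), "bytes": size,
            # A 200 with a non-empty body is worth reviewing; it is a lead,
            # not proof that log content was returned.
            "returned_data": m["status"] == "200" and size > 0,
        })
    return hits

# Constructed sample lines (documentation IP ranges); not real traffic.
SAMPLE = [
    '203.0.113.7 - - [28/Feb/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=fs_get_debug_log HTTP/1.1" 200 18432 "-" "curl/7.81.0"',
    '203.0.113.7 - - [28/Feb/2022:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=fs%5Fget%5Fdebug%5Flog HTTP/1.1" 200 18432 "-" "curl/7.81.0"',
    '198.51.100.4 - - [28/Feb/2022:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/Feb/2022:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=fs_get_debug_log HTTP/1.1" 400 1 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_debug_log_requests(SAMPLE):
        print(hit)
```

Access logs record only the query string, so a request that sends the action name in a POST body will not appear here and needs request-body logging or a WAF rule to be seen.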
Affects Plugins
Affects Themes
No known fix
No known fix
Fixed in 1.0.8
Fixed in 1.0.5
No known fix
Fixed in 1.0.1
Fixed in 2.2.7
Fixed in 1.1.0
Fixed in 1.0.8
No known fix
Fixed in 1.2.2
Fixed in 1.1.3
Fixed in 1.6.5
Fixed in 1.0.11
Fixed in 1.1.01
Fixed in 1.2.4.2
Fixed in 1.0.5
No known fix
No known fix
No known fix
Fixed in 2.0.3
No known fix
Fixed in 1.8.6
No known fix
No known fix
Classification
Type: NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Verified: Yes
WPVDB ID
Timeline
Publicly Published: 2022-02-28 (about 2 years ago)
Added: 2022-02-28 (about 2 years ago)
Last Updated: 2023-07-11 (about 10 months ago)