WPScan

WordPress Plugin Vulnerabilities

Unauthorised AJAX Calls via Freemius

Description

The plugins and themes listed below bundle an insecure version of the Freemius Framework that lacks CSRF protection and/or authorisation checks on some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.

Proof of Concept

To access debug logs, as any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=fs_get_debug_log
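The root cause described above is the classic WordPress admin-ajax mistake: registering a handler on the wp_ajax_{action} hook only guarantees the caller is logged in, not that they are allowed to perform the action or that the request is intentional. The following is an added illustration written for this page, not Freemius or WPScan code; the action names (example_get_debug_log, example_get_debug_log_secure), the nonce action string and the debug.log path are hypothetical. It shows the weak shape beside the hardened one, which adds a nonce check against CSRF and a capability check for authorisation.

```php
<?php
// Added illustration (not Freemius or WPScan code). A hypothetical
// "fetch the debug log" admin-ajax handler, first in the weak shape this
// advisory describes, then hardened.

// --- Weak pattern: authenticated, but not authorised --------------------
// wp_ajax_{action} fires for ANY logged-in user (subscribers included),
// so registering the handler is not an authorisation check by itself.
add_action( 'wp_ajax_example_get_debug_log', 'example_get_debug_log_weak' );

function example_get_debug_log_weak() {
    // No nonce and no capability check: a subscriber can call this
    // directly, and a forged cross-site request can make an admin's
    // browser call it. The path is a hypothetical example.
    $path = WP_CONTENT_DIR . '/debug.log';
    $log  = is_readable( $path ) ? file_get_contents( $path ) : '';
    wp_send_json_success( array( 'log' => $log ) );
}

// --- Hardened pattern ---------------------------------------------------
add_action( 'wp_ajax_example_get_debug_log_secure', 'example_get_debug_log_secure' );

function example_get_debug_log_secure() {
    // 1. CSRF: require a nonce bound to this specific action. If the
    //    'nonce' parameter is missing or invalid, check_ajax_referer()
    //    terminates the request with a 403 response.
    check_ajax_referer( 'example_debug_log', 'nonce' );

    // 2. Authorisation: only users allowed to manage the site may read
    //    debug output. Do the same check in any "toggle debug mode" handler.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $path = WP_CONTENT_DIR . '/debug.log';
    $log  = is_readable( $path ) ? file_get_contents( $path ) : '';
    wp_send_json_success( array( 'log' => $log ) );
}

// The nonce is minted server-side when the admin page loads and handed to
// the page's script, which sends it back with each AJAX request.
function example_enqueue_debug_script() {
    wp_enqueue_script(
        'example-debug',
        plugins_url( 'debug.js', __FILE__ ), // hypothetical script file
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-debug', 'exampleDebug', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_debug_log' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_debug_script' );
```

Both checks are needed: the capability check alone still lets a forged request ride on an admin's session (the CSRF case in this advisory), and the nonce alone still lets a subscriber who can load a page that mints the nonce call the action. When auditing a plugin for this class of bug, look at every wp_ajax_* and wp_ajax_nopriv_* callback and confirm the first lines of the function are a referer/nonce check and a current_user_can() check.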

Affects Plugins

the-events-calendar: Fixed in version 5.14.0.4
ocean-extra: Fixed in version 1.9.4
advanced-nocaptcha-recaptcha: Fixed in version 7.0.5
wpcf7-redirect: Fixed in version 2.5.0
foogallery: Fixed in version 2.1.34
wp-security-audit-log: Fixed in version 4.4.0
wp-meta-and-date-remover: Fixed in version 1.9.6
unlimited-elements-for-elementor: Fixed in version 1.5.3
foobox-image-lightbox: Fixed in version 2.7.17
addon-elements-for-elementor-page-builder: Fixed in version 1.11.14

Affects Themes

brand: No known fix
cuisine-palace: No known fix
elasta: Fixed in version 1.0.8
amela: Fixed in version 1.0.5
speculor: No known fix
wp-moose: Fixed in version 1.0.1
meridia: Fixed in version 2.2.7
purosa: Fixed in version 1.1.0
villar: Fixed in version 1.0.8
bani: No known fix

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Verified

Yes

WPVDB ID
6dae6dca-7474-4008-9fe5-4c62b9f12d0a

Timeline

Publicly Published

2022-02-28 (about 1 year ago)

Added

2022-02-28 (about 1 year ago)

Last Updated

2022-11-06 (about 4 months ago)
