Themes Vulnerabilities
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description
The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK.
Affects Themes
Fixed in 1.0.6
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 1.0.9
No known fix
Fixed in 1.3.8
No known fix
Fixed in 10.2.1
No known fix
Fixed in 1.2.0
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 3.1.1
No known fix
No known fix
No known fix
Fixed in 1.2.2
No known fix
No known fix
Fixed in 1.8.10
No known fix
Fixed in 1.2.3
No known fix
No known fix
No known fix
No known fix
Fixed in 2.0.7
No known fix
No known fix
No known fix
Fixed in 1.18.3
No known fix
No known fix
No known fix
Fixed in 1.1.3
No known fix
No known fix
No known fix
No known fix
Fixed in 2.2.8
No known fix
No known fix
No known fix
No known fix
Fixed in 1.1.2
No known fix
No known fix
No known fix
No known fix
Fixed in 1.1.6
No known fix
No known fix
Fixed in 10.0.8
Fixed in 10.2.3
No known fix
No known fix
No known fix
Fixed in 1.1.1
No known fix
No known fix
No known fix
Fixed in 1.2.3
No known fix
No known fix
No known fix
No known fix
Fixed in 1.1.11
No known fix
No known fix
No known fix
No known fix
Fixed in 1.0.12
No known fix
Fixed in 1.0.8
Fixed in 1.2.5.3
No known fix
Fixed in 1.0.7
No known fix
No known fix
No known fix
Fixed in 1.0.4
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-07-18 (about 9 months ago)
Added
2023-07-25 (about 9 months ago)
Last Updated
2024-01-24 (about 3 months ago)