WordPress Plugin Vulnerabilities
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description
The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK.
Affects Plugins
Fixed in 3.201706150908
Fixed in 1.0.5 
No known fix
No known fix
Fixed in 2.2.1
No known fix
Fixed in 1.2.4
Fixed in 2.3.3
Fixed in 3.1
Fixed in 2.1.5
Fixed in 1.5.2
No known fix
Fixed in 1.0.2
Fixed in 3.8.0
No known fix
Fixed in 2.0.0
Fixed in 4.2b1
No known fix
Fixed in 2.8.0
Fixed in 3.8.3
Fixed in 2.8.3
Fixed in 1.5.1
Fixed in 4.0.4
Fixed in 3.9.1
Fixed in 1.3
No known fix
Fixed in 1.2.48
Fixed in 7.0.6
Fixed in 20200610
Fixed in 1.1.10
Fixed in 8.4.9
Fixed in 1.0.12
Fixed in 17.8.2
Fixed in 3.0.6
Fixed in 0.0.99
No known fix
Fixed in 2.0.19
Fixed in 3.1.4
Fixed in 2.0.0
Fixed in 1.5.2
No known fix
Fixed in 1.3.1
Fixed in 2.5.20
Fixed in 2.2.11
Fixed in 3.1.0
No known fix
Fixed in 2.0.0
Fixed in 1.1.3
Fixed in 0.0.7
Fixed in 2.2
Fixed in 2.1.2
Fixed in 1.1.21
Fixed in 1.5.9.9
Fixed in 3.16.10
Fixed in 1.3.15
No known fix
Fixed in 1.3.4
Fixed in 1.5
No known fix
No known fix
No known fix
Fixed in 2.2.7
No known fix
Fixed in 1.17
Fixed in 1.12
No known fix
Fixed in 5.2.8
Fixed in 1.6.2
No known fix
Fixed in 1.2.0
Fixed in 1.5.75
Fixed in 2.0.10
No known fix
Fixed in 1.2.0
Fixed in 1.4.0
No known fix
Fixed in 4.5.4
Fixed in 4.1.13
No known fix
No known fix
Fixed in 1.3.3
Fixed in 4.5.1
No known fix
Fixed in 2.1
Fixed in 1.6.1
Fixed in 1.5.8
Fixed in 1.0.5
Fixed in 2.2.1
No known fix
No known fix
Fixed in 1.32.3
No known fix
No known fix
Fixed in 0.10.3
Fixed in 2.3
Fixed in 1.4.0
Fixed in 1.1.9
Fixed in 1.2.3
No known fix
Fixed in 3.2.1
Fixed in 1.2.0
Fixed in 2.5.1
No known fix
Fixed in 1.7.1
Fixed in 2.1
Fixed in 1.5.0
Fixed in 1.4.1
No known fix
Fixed in 1.2.2
Fixed in 1.1.1
Fixed in 2.0.3
No known fix
Fixed in 1.9.3
No known fix
Fixed in 1.2.5
No known fix
Fixed in 2.2.44
Fixed in 1.4.0
No known fix
Fixed in 8.1.3
Fixed in 2.0.17
Fixed in 2.1
Fixed in 2.4
No known fix
No known fix
Fixed in 2.0.0
Fixed in 1.1.5
Fixed in 2.0.0
Fixed in 3.8.0
No known fix
Fixed in 1.4.0
No known fix
Fixed in 1.0.1
No known fix
Fixed in 1.1.13
Fixed in 1.14.3
Fixed in 11.3.8
Fixed in 5.3
No known fix
Fixed in 3.2.8
Fixed in 1.6.6
Fixed in 2.0.0
Fixed in 1.1.1
No known fix
Fixed in 1.5.1
Fixed in 5.159
Fixed in 1.0.11
No known fix
Fixed in 1.8.0b1
No known fix
Fixed in 5.4.9
Fixed in 3.0.9
No known fix
Fixed in 6.0
Fixed in 1.0.4
Fixed in 2.3.0
Fixed in 3.4.3
No known fix
Fixed in 2.4.0
Fixed in 0.6
Fixed in 3.1.1
Fixed in 1.1
Fixed in 2.0.2
Fixed in 7.1.0
Fixed in 1.2.9.1
Fixed in 4.0.19
No known fix
Fixed in 1.1.0
Fixed in 5.5.4
No known fix
Fixed in 3.7.9
No known fix
Fixed in 1.2.2
Fixed in 1.3.5
Fixed in 1.0.9
No known fix
Fixed in 1.1.0
Fixed in 2.3.3
No known fix
No known fix
Fixed in 9.2.1
No known fix
Fixed in 1.2.1
Fixed in 3.4.7
Fixed in 1.1
Fixed in 1.5
Fixed in 1.1.7
No known fix
Fixed in 1.4.1
No known fix
No known fix
No known fix
Fixed in 4.5.31
No known fix
No known fix
Fixed in 1.7.38
Fixed in 1.4
No known fix
No known fix
Fixed in 1.4.0 References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-07-18 (about 2 years ago)
Added
2023-07-25 (about 2 years ago)
Last Updated
2024-10-28 (about 1 year ago)
WPScan 