WordPress Plugin Vulnerabilities

Unauthorised AJAX Calls via Freemius

Description

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.

Proof of Concept

To access debug logs, as any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=fs_get_debug_log

Affects Plugins

Plugin icon
fin-accounting-for-woocommerce
Fixed in 4.4.3
Plugin icon
gsheetconnector-ninja-forms
Fixed in 1.2.2
Plugin icon
pets
Fixed in 1.4.1
Plugin icon
starcat-review
Fixed in 0.8
Plugin icon
fast-wp
No known fix
Plugin icon
auto-robot
Fixed in 3.3.39
Plugin icon
wp-bing-search
Fixed in 2.4
Plugin icon
f4-tree
Fixed in 1.1.9
Plugin icon
next-order-coupon-woocommerce
No known fix
Plugin icon
checkbox
Fixed in 0.8.4
Plugin icon
full-picture-analytics-cookie-notice
Fixed in 3.2.0
Plugin icon
event-feed-for-eventbrite
Fixed in 1.0.7
Plugin icon
ultimate-sms-notifications
Fixed in 1.8.4
Plugin icon
upcasted-s3-offload
Fixed in 3.0.1
Plugin icon
protected-page
No known fix
Plugin icon
manage-gravity-forms-stripe-subscriptions
Fixed in 4.0
Plugin icon
reviewpress
No known fix
Plugin icon
my-instagram-feed
Fixed in 3.1.1
Plugin icon
seo-landing-page-generator
Fixed in 1.62.0
Plugin icon
twentyfourth-wp-scraper
No known fix
Plugin icon
events-calendar-registration-booking-by-events-plus
No known fix
Plugin icon
custom-product-type-for-woocommerce
Fixed in 1.2.1
Plugin icon
bulk-edit-events
Fixed in 1.1.9
Plugin icon
wp-sheet-editor-edd-downloads
Fixed in 1.0.49
Plugin icon
restrict-for-elementor
Fixed in 1.0.3
Plugin icon
better-messages-wcfm-integration
Fixed in 1.0.6
Plugin icon
floating-tiktok-button
Fixed in 1.0.5
Plugin icon
mobile-app-editor
Fixed in 1.1.2
Plugin icon
autocomplete-address-and-location-picker-for-woocommerce
Fixed in 1.0.9
Plugin icon
winterlock
Fixed in 1.0.23
Plugin icon
hire-me-widget
Fixed in 1.0.5
Plugin icon
deal-of-the-day
No known fix
Plugin icon
sprout-clients
Fixed in 3.2
Plugin icon
bulk-edit-posts-on-frontend
Fixed in 2.4.15
Plugin icon
mojito-shipping
Fixed in 1.3.9
Plugin icon
co2ok-for-woocommerce
Fixed in 1.0.9.22
Plugin icon
payment-page
Fixed in 1.1.1
Plugin icon
pro-links-maintainer-dev
No known fix
Plugin icon
customizely
Fixed in 1.1.1
Plugin icon
studiocart
Fixed in 2.3.1
Plugin icon
projectopia-core
Fixed in 5.0.7
Plugin icon
drip-feed-content-extended-for-learndash
No known fix
Plugin icon
sv100-companion
Fixed in 1.8.12
Plugin icon
florapress
Fixed in 1.0.7
Plugin icon
edge-gallery
No known fix
Plugin icon
padma-advanced
Fixed in 0.0.17
Plugin icon
better-captcha-gravity-forms
Fixed in 0.5.2
Plugin icon
easy-settings-for-learndash
No known fix
Plugin icon
hm-logo-showcase
Fixed in 1.9
Plugin icon
integration-of-capsule-crm-for-contact-form-7
No known fix
Plugin icon
more-better-reviews-for-woocommerce
Fixed in 3.0.7
Plugin icon
open-user-map
Fixed in 1.2.11
Plugin icon
out-of-stock-display-for-woocommerce
No known fix
Plugin icon
pinblocks
No known fix
Plugin icon
delivery-drivers-for-vendors
Fixed in 1.0.9
Plugin icon
sv-forms
Fixed in 1.8.10
Plugin icon
awesome-ssl
No known fix
Plugin icon
wp-attest
No known fix
Plugin icon
animate-everything
No known fix
Plugin icon
blockypage
No known fix
Plugin icon
remove-add-to-cart-button-for-woocommerce
Fixed in 1.0.3
Plugin icon
seo-content-randomizer
No known fix
Plugin icon
zip-codes-redirect
Fixed in 4.0.1
Plugin icon
sv-posts
Fixed in 1.8.03
Plugin icon
wc-gsheetconnector
Fixed in 1.2.3
Plugin icon
widgets-on-pages-and-posts
No known fix
Plugin icon
delivery-drivers-manager
Fixed in 1.1.6
Plugin icon
locations-and-areas
Fixed in 1.7.1
Plugin icon
review-engine
No known fix
Plugin icon
email-header-footer
No known fix
Plugin icon
rss-chimp
Fixed in 1.2.2
Plugin icon
rss-control
Fixed in 2.0.8
Plugin icon
atlas-knowledge-base
No known fix
Plugin icon
inbound-brew
No known fix
Plugin icon
pixel-for-web-stories
Fixed in 1.0.3
Plugin icon
protect-uploads-with-login-page
No known fix
Plugin icon
wp-conditional-post-restrictions
Fixed in 1.2.0
Plugin icon
w3swoozoho
Fixed in 1.3.0
Plugin icon
ua-marketplace
Fixed in 1.4.3
Plugin icon
sql-reporting-services
No known fix
Plugin icon
ultimate-gutenberg
No known fix
Plugin icon
cart-tracking-for-woocommerce
Fixed in 1.0.9
Plugin icon
podcast-box
Fixed in 1.0.2
Plugin icon
post-grid-for-elementor
Fixed in 1.1.1
Plugin icon
wp-woo-commerce-sync-for-g-sheet
No known fix
Plugin icon
pramadillo-activecampaign-email-preference-center
Fixed in 2.0.10
Plugin icon
extend-filter-products-by-price-widget
No known fix
Plugin icon
wc-j-upsellator
Fixed in 2.0.1
Plugin icon
localseomap-for-elementor
No known fix
Plugin icon
wp-stripe-express
Fixed in 1.7.7
Plugin icon
affieasy
Fixed in 1.0.4
Plugin icon
mobile-pages
Fixed in 1.0.1
Plugin icon
sv-columns-manager
Fixed in 1.8.02
Plugin icon
multiple-image-uploads-with-preview-for-wpforms
No known fix
Plugin icon
littlebot-invoices
No known fix
Plugin icon
better-messages-wc-vendors-integration
Fixed in 1.0.7
Plugin icon
octrace-support
Fixed in 1.2.3
Plugin icon
woo-simple-frontend-manager
Fixed in 1.0.3
Plugin icon
coupons
Fixed in 1.4.0
Plugin icon
integrate-automate
Fixed in 1.0.1
Plugin icon
sv-gravity-forms-enhancer
Fixed in 1.8.00
Plugin icon
payment-gateway-groups-for-woocommerce
Fixed in 1.1.3
Plugin icon
wp-stripe-global-payments
Fixed in 3.0
Plugin icon
video-reviews
Fixed in 1.2.3
Plugin icon
custom-registration-and-login-forms-with-new-recaptcha
No known fix
Plugin icon
fusionspan-impexium-single-sign-on
No known fix
Plugin icon
web-disrupt-funnelmentals
No known fix
Plugin icon
wpeform-lite
Fixed in 1.6.3
Plugin icon
flexible-faqs
Fixed in 0.5.11
Plugin icon
tk-smugmug-slideshow-shortcode
No known fix
Plugin icon
cryptocurrency
No known fix
Plugin icon
perelandra-sermons
No known fix
Plugin icon
woo-swatches-manager
No known fix
Plugin icon
slp-extended-data-manager
Fixed in 5.9.1
Plugin icon
import-holded-products-woocommerce
Fixed in 2.0
Plugin icon
streak-crm-for-gmail-integration-for-contact-form-7
No known fix
Plugin icon
wp-search-filter
No known fix
Plugin icon
frontend-group-restriction-for-learndash
No known fix
Plugin icon
wp-my-admin-bar
No known fix
Plugin icon
mobile-booster
Fixed in 1.2.1
Plugin icon
dashylite
No known fix
Plugin icon
woo-admin-product-notes
No known fix
Plugin icon
gyta-buyback
Fixed in 1.1.7
Plugin icon
conversion-de-moneda
No known fix
Plugin icon
demomentsomtres-address
No known fix
Plugin icon
seo-checklist
No known fix
Plugin icon
duplicate-variations-for-woocommerce
No known fix
Plugin icon
sparrow
No known fix
Plugin icon
hooked-editable-content
No known fix
Plugin icon
ssl-atlas-free-ssl-certificate-https-redirect
Fixed in 1.1.1
Plugin icon
scheduled-notification-bar
No known fix
Plugin icon
sales-page-addon
Fixed in 1.3
Plugin icon
run-time-image-resizing
No known fix
Plugin icon
abeta-punchout
Fixed in 1.0.0
Plugin icon
sticky-add-to-cart-for-woo
No known fix
Plugin icon
dancepress-trwa
Fixed in 2.4.6
Plugin icon
ecommerce-addon
Fixed in 1.3
Plugin icon
edd-tab-manager
Fixed in 1.3.1
Plugin icon
convoworks-wp
Fixed in 0.22.14
Plugin icon
tranzly
Fixed in 1.1.0
Plugin icon
demomentsomtres-media-tools-auto
No known fix
Plugin icon
content-sidebars
Fixed in 1.6.8
Plugin icon
rankbear
No known fix
Plugin icon
raise-prices-with-sales-for-woocommerce
Fixed in 1.3.1
Plugin icon
elements-for-lifterlms
No known fix
Plugin icon
quick-affiliate-store
No known fix
Plugin icon
upfiv-complete-all-in-one-seo-wizard
No known fix
Plugin icon
emails-blacklist-everest-forms
Fixed in 1.0.4
Plugin icon
wc-cross-seller
No known fix
Plugin icon
expire-tags
No known fix
Plugin icon
postcode-redirect
Fixed in 4.0.2
Plugin icon
feedback-suite
No known fix
Plugin icon
cf7-constant-contact-fields-mapping
No known fix
Plugin icon
payments-stripe-gateway
Fixed in 1.2.1
Plugin icon
blocked-in-china
Fixed in 1.0.3
Plugin icon
order-and-inventory-manager-for-woocommerce
No known fix
Plugin icon
better-comments
Fixed in 1.4
Plugin icon
before-and-after-product-images-for-woocommerce
No known fix
Plugin icon
avectra-netforum-single-sign-on
Fixed in 1.3.4
Plugin icon
autosave-net
No known fix
Plugin icon
wp-automedic
Fixed in 1.5.3
Plugin icon
nexus
No known fix
Plugin icon
netforum-directory-with-importer
No known fix
Plugin icon
wp-bugbot
No known fix
Plugin icon
any-popup
No known fix
Plugin icon
multifox-plus
Fixed in 1.1.1
Plugin icon
modern-designs-for-gravity-forms
No known fix
Plugin icon
wp-foft-loader
Fixed in 2.1.21
Plugin icon
ai-mojo
Fixed in 0.2.5
Plugin icon
wp-get-personal-lite
No known fix
Plugin icon
wp-hr-gdpr
Fixed in 0.9
Plugin icon
agendapress
Fixed in 1.0.6
Plugin icon
menu-item-scheduler
No known fix
Plugin icon
forcefield
Fixed in 1.0.2
Plugin icon
master-blocks
No known fix
Plugin icon
wp-relevant-ads
No known fix
Plugin icon
wp-store-locator-extenders
Fixed in 1.3.1
Plugin icon
gfirem-action-after
No known fix
Plugin icon
gfirem-advance-search
No known fix
Plugin icon
wpgenealogy
Fixed in 0.1.3
Plugin icon
wphobby-demo-import
No known fix
Plugin icon
wpmailer
No known fix
Plugin icon
xatkit-chatbot-connector
Fixed in 2.1.4
Plugin icon
shipping-manager-for-woocommerce
Fixed in 1.3.0
Plugin icon
simple-cart-solution
Fixed in 1.0.2
Plugin icon
distancr
Fixed in 1.1.8
Plugin icon
wp-structured-data-schema
Fixed in 4.0.2
Plugin icon
booking-weir
Fixed in 1.0.11
Plugin icon
payment-gateway-payfabric
Fixed in 1.0.11
Plugin icon
edd-venmo
No known fix
Plugin icon
book-buyback-prices
No known fix
Plugin icon
past-events-extension
No known fix
Plugin icon
bo-wc-customer-review-watson
No known fix
Plugin icon
woo-paylate
Fixed in 1.5
Plugin icon
blogsafe-scanner
Fixed in 1.1.5
Plugin icon
recurwp
No known fix
Plugin icon
files-download-delay
Fixed in 1.0.4
Plugin icon
admin-quick-panel
Fixed in 1.2.6
Plugin icon
block-styler-for-gravity-forms
Fixed in 6.1.0
Plugin icon
woo-seo-content-randomizer-addon
Fixed in 1.2.2
Plugin icon
better-sharing
Fixed in 1.7.3
Plugin icon
tedwp
Fixed in 0.0.5
Plugin icon
tecslider
Fixed in 1.0.1
Plugin icon
kvoucher
No known fix
Plugin icon
one-click-login
No known fix
Plugin icon
tec-subscriber-addons
Fixed in 2.0.1
Plugin icon
tabs-with-posts
No known fix
Plugin icon
krsp-frontend-file-upload
No known fix
Plugin icon
edd-courses
Fixed in 0.1.1
Plugin icon
admin-notices-for-team
No known fix
Plugin icon
number-chat
No known fix
Plugin icon
azw-woocommerce-file-uploads
No known fix
Plugin icon
nugget-by-ingot
No known fix
Plugin icon
guestofy-restaurant-reservations
No known fix
Plugin icon
goauth
Fixed in 2.20
Plugin icon
gfirem-fields
No known fix
Plugin icon
automizy-gravity-forms
No known fix
Plugin icon
nofollow-jquery-links
Fixed in 1.4.1
Plugin icon
nitek-carousel-cool-transitions
No known fix
Plugin icon
automail
Fixed in 1.0.1
Plugin icon
ninjalibs-ses
No known fix
Plugin icon
hm-testimonial
Fixed in 1.4
Plugin icon
floating-awesome-button
Fixed in 1.5.14
Plugin icon
giveaways-for-woocommerce
No known fix
Plugin icon
sync-ecommerce-neo
No known fix
Plugin icon
smart-protect
No known fix
Plugin icon
joli-clear-lightbox
Fixed in 1.0.3
Plugin icon
issues-tracker
Fixed in 1.0.8
Plugin icon
edd-cashapp
No known fix
Plugin icon
custom-user-guide
Fixed in 1.0.1
Plugin icon
apperr
Fixed in 0.1
Plugin icon
wpcs-content-scheduler
Fixed in 1.2.0
Plugin icon
guest-author-affiliate
Fixed in 1.1.5
Plugin icon
sv-media-library
Fixed in 1.8.01
Plugin icon
wp-dev-powers-acf-color-coded-field-types
No known fix
Plugin icon
wp-dev-powers-display-screen-dimensions-to-admin
No known fix
Plugin icon
wp-dev-powers-element-selector-jquery-powers
No known fix
Plugin icon
slp-gravity-forms-locations
Fixed in 5.9.1
Plugin icon
focus-on-reviews-for-woocommerce
No known fix
Plugin icon
wpformify
Fixed in 1.1.0
Plugin icon
food-recipes
Fixed in 2.1.2
Plugin icon
custom-welcome-guide
Fixed in 1.0.6
Plugin icon
goon-plugin-control
Fixed in 1.2.6
Plugin icon
glorious-services-support
Fixed in 2.0.0
Plugin icon
foopeople
No known fix
Plugin icon
internal-comments
Fixed in 1.2.3
Plugin icon
superfast-mailgun-newsletter
Fixed in 1.1.6
Plugin icon
wp-gratify
No known fix
Plugin icon
gsheetconnector-easy-digital-downloads
Fixed in 1.3
Plugin icon
mobile-blocks
Fixed in 1.2.1
Plugin icon
wp-lead-stream
No known fix
Plugin icon
sheetpress
No known fix
Plugin icon
missing-widgets-for-elementor
Fixed in 1.1.0
Plugin icon
glorious-sites-installer
No known fix
Plugin icon
slp-extenders
Fixed in 5.9.1
Plugin icon
ws-bootstrap-vc
No known fix
Plugin icon
rm-mailchimp-manager
No known fix
Plugin icon
free-product-sample
Fixed in 1.0.1
Plugin icon
super-transactional-emails-for-woocommerce
Fixed in 1.2.4
Plugin icon
role-and-customer-based-pricing-for-woocommerce
Fixed in 1.0.2
Plugin icon
full-page-blog-designer
No known fix
Plugin icon
locked-payment-methods-for-woocommerce
Fixed in 1.3.4
Plugin icon
advanced-wp-table
Fixed in 1.2.1
Plugin icon
delivery-woo
No known fix
Plugin icon
easy-prayer
No known fix
Plugin icon
wp-scrive
Fixed in 1.2.3
Plugin icon
secure-ip-logins
No known fix
Plugin icon
advanced-database-replacer
No known fix
Plugin icon
send-prebuilt-emails
No known fix
Plugin icon
south-pole-the-offset-movement
Fixed in 1.0.2.0
Plugin icon
social-kit
No known fix
Plugin icon
listplus
No known fix
Plugin icon
price-bands-for-woocommerce
No known fix
Plugin icon
pretty-opt-in-lite
Fixed in 1.2.2
Plugin icon
vit-website-reviews
No known fix
Plugin icon
wadi-survey
No known fix
Plugin icon
pretty-grid
Fixed in 1.0.8
Plugin icon
linked-orders-for-woocommerce
Fixed in 1.2.1
Plugin icon
visitor-info
No known fix
Plugin icon
product-table
No known fix
Plugin icon
expandable-paywall
Fixed in 2.0.11
Plugin icon
seo-for-local
Fixed in 9.1.3
Plugin icon
clean-social-icons
No known fix
Plugin icon
choice-payment-gateway-for-woocommerce
Fixed in 2.0.2
Plugin icon
variable-product-swatches
Fixed in 1.0.2
Plugin icon
child-support-calculator
Fixed in 1.0.2
Plugin icon
wcc-seo-keyword-research
No known fix
Plugin icon
utilitify
Fixed in 1.0.7
Plugin icon
codepile
Fixed in 1.0.6
Plugin icon
extreme-blocks
Fixed in 0.8.1
Plugin icon
wgauge
No known fix
Plugin icon
demomentsomtres-grid-archive
No known fix
Plugin icon
check-zipcode
No known fix
Plugin icon
puredevs-customer-history-for-woocommerce
Fixed in 1.0.1
Plugin icon
featured-image-toolkit
No known fix
Plugin icon
ultra-elementor-addons
No known fix
Plugin icon
pop-over-xyz
No known fix
Plugin icon
snazzyadmin-wp-admin-theme
No known fix
Plugin icon
connected-sermons
No known fix
Plugin icon
smart-tools-for-woocommerce
Fixed in 1.0.9
Plugin icon
quote-requests-for-woocommerce
Fixed in 1.0.3
Plugin icon
cartoon-url
No known fix
Plugin icon
elegant-calendar-lite
Fixed in 1.5.8
Plugin icon
content-hubs
Fixed in 1.0.7
Plugin icon
campation-postoffice
Fixed in 1.1.7
Plugin icon
pickup-and-delivery-from-customer-locations-for-woocommerce
Fixed in 1.0.2
Plugin icon
feedbackscout
No known fix
Plugin icon
performance-kit
No known fix
Plugin icon
rate-limiting-for-contact-form-7
Fixed in 1.0.4
Plugin icon
bsd-woo-stripe-connect-split-pay
Fixed in 3.2.1
Plugin icon
5-stars-rating-funnel
Fixed in 1.2.54
Plugin icon
a-staff
No known fix
Plugin icon
acf-engine
No known fix
Plugin icon
active-user
No known fix
Plugin icon
adblock-notify-by-bweb
No known fix
Plugin icon
addendio
No known fix
Plugin icon
advanced-exchange-rates
No known fix
Plugin icon
ajax-add-to-cart-for-woocommerce
No known fix
Plugin icon
ajax-live-search
No known fix
Plugin icon
all-in-one-video-downloader
No known fix
Plugin icon
auto-post-woocommerce-products
No known fix
Plugin icon
automatic-post-categories
No known fix
Plugin icon
awesome-social-icons
No known fix
Plugin icon
bemax-elementor
No known fix
Plugin icon
blocks-bakery
No known fix
Plugin icon
bng-gateway-for-woocommerce
No known fix
Plugin icon
bp-wc-vendors
No known fix
Plugin icon
buddyforms-easypin
No known fix
Plugin icon
canecto
No known fix
Plugin icon
cart-weight-for-woocommerce
No known fix
Plugin icon
cf7-customizer
No known fix
Plugin icon
clinicalwp-core
No known fix
Plugin icon
coming-soon-blocks
No known fix
Plugin icon
compare-affiliated-products
No known fix
Plugin icon
content-collector
No known fix
Plugin icon
convert-classic-editor-to-blocks
No known fix
Plugin icon
cpt-onomies
No known fix
Plugin icon
custom-tiktok-video-feed
No known fix
Plugin icon
customer-chat-facebook
No known fix
Plugin icon
demomentsomtres-categories
No known fix
Plugin icon
demomentsomtres-classify-on-publish
No known fix
Plugin icon
devices
No known fix
Plugin icon
dse-divi-section-enhancer
No known fix
Plugin icon
easy-call-now-button
No known fix
Plugin icon
easy-slideshow
No known fix
Plugin icon
easy-wp-cookie-popup
No known fix
Plugin icon
enhanced-catalog-images-for-woocommerce
No known fix
Plugin icon
fb-account-kit-login
No known fix
Plugin icon
finpose
No known fix
Plugin icon
flight-search-widget-blocks
No known fix
Plugin icon
form-to-sheet
No known fix
Plugin icon
forms-to-klaviyo
No known fix
Plugin icon
forms-to-sendinblue
No known fix
Plugin icon
freemage
No known fix
Plugin icon
freshing
No known fix
Plugin icon
fullworks-directory
No known fix
Plugin icon
fullworks-firewall
No known fix
Plugin icon
fullworks-ice-ide-integration
No known fix
Plugin icon
fullworks-pricing-tables
No known fix
Plugin icon
fullworks-slack
No known fix
Plugin icon
geo-request
No known fix
Plugin icon
global-income-stats-from-freemius
No known fix
Plugin icon
gmb-manager
No known fix
Plugin icon
go-dash
No known fix
Plugin icon
go-fetch-jobs-jobengine
No known fix
Plugin icon
gravity-forms-sticky-list
No known fix
Plugin icon
hotjar-connecticator
No known fix
Plugin icon
import-social-statistics
No known fix
Plugin icon
kanzu-support-desk
No known fix
Plugin icon
llama-redirect
No known fix
Plugin icon
material-design-for-contact-form-7
No known fix
Plugin icon
miguras-divi-enhancer
No known fix
Plugin icon
miguras-divi-maker
No known fix
Plugin icon
multilist-subscribe-for-sendy
No known fix
Plugin icon
my-chatbot
No known fix
Plugin icon
newsletter-image-generator
No known fix
Plugin icon
noted-pro
No known fix
Plugin icon
notification-plus
No known fix
Plugin icon
one-page-blocks
No known fix
Plugin icon
page-studio-lite
No known fix
Plugin icon
page-visit-counter
No known fix
Plugin icon
pdf-invoices-for-woocommerce
No known fix
Plugin icon
premmerce-woocommerce-pinterest
No known fix
Plugin icon
premmerce-woocommerce-product-bundles
No known fix
Plugin icon
premmerce-woocommerce-toolkit
No known fix
Plugin icon
preprocess-dezrez
No known fix
Plugin icon
press-elements
No known fix
Plugin icon
product-shipping-countdown-free-version
No known fix
Plugin icon
quick-audio-player
No known fix
Plugin icon
quick-orders-for-woocommerce
No known fix
Plugin icon
quote-press
No known fix
Plugin icon
random-sorting-order-for-woocommerce
No known fix
Plugin icon
reach-us-contact-form
No known fix
Plugin icon
recurring-bookings-for-woocommerce
No known fix
Plugin icon
resermy
No known fix
Plugin icon
rocket-addons
No known fix
Plugin icon
rw-divi-unite-gallery
No known fix
Plugin icon
script-planner
No known fix
Plugin icon
section-slider
No known fix
Plugin icon
set-admin-colour-on-staging-and-dev
No known fix
Plugin icon
simple-youtube-gdpr
No known fix
Plugin icon
simplelender-by-umatidocs-com
No known fix
Plugin icon
simplemortgage
No known fix
Plugin icon
smart-admin-menu-filter
No known fix
Plugin icon
super-notes
No known fix
Plugin icon
supportbubble
No known fix
Plugin icon
table-genie
No known fix
Plugin icon
template-manager
No known fix
Plugin icon
tk-event-weather
No known fix
Plugin icon
tweet-old-custom-post
No known fix
Plugin icon
typea-ftc-disclosure
No known fix
Plugin icon
user-magic
No known fix
Plugin icon
wc-rest-payment
No known fix
Plugin icon
wcsm-search-merchandising
No known fix
Plugin icon
widgets-for-siteorigin
No known fix
Plugin icon
windsor-strava-athlete
No known fix
Plugin icon
windsor-strava-club
No known fix
Plugin icon
woo-advance-search
No known fix
Plugin icon
woo-nmi-three-step
No known fix
Plugin icon
woo-order-status-per-product
No known fix
Plugin icon
woo-quick-cart-for-multiple-variations
No known fix
Plugin icon
woo-quick-reports
No known fix
Plugin icon
woo-remove-cart-and-query-button
No known fix
Plugin icon
wookit
No known fix
Plugin icon
woorocks-magic-content
No known fix
Plugin icon
woorocks-magic-content-for-siteorigins-pagebuilder
No known fix
Plugin icon
wordapp-mobile-app
No known fix
Plugin icon
wp-advance-comment
No known fix
Plugin icon
wp-buddha-free-adwords
No known fix
Plugin icon
wp-custom-field-for-gutenberg-editor
No known fix
Plugin icon
wp-expert-agent-xml-feed
No known fix
Plugin icon
wp-phone-message
No known fix
Plugin icon
wp-private-media
No known fix
Plugin icon
wp-pro-counter
No known fix
Plugin icon
wp-rest-filter
No known fix
Plugin icon
wp-rest-user
No known fix
Plugin icon
wpbricks
No known fix
Plugin icon
wpg-videos
No known fix
Plugin icon
wphelpkit
Fixed in 1.1
Plugin icon
wpworx-faq
No known fix

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Verified
Yes
WPVDB ID
b7d9c54a-9a9a-48ad-bb78-e30340963236

Timeline

Publicly Published
2022-02-28 (about 2 years ago)
Added
2022-02-28 (about 2 years ago)
Last Updated
2024-04-29 (about 16 days ago)

Other

Published
Title
Published
2024-03-29
Title
DELUCKS SEO < 2.5.5 - Missing Authorization
Published
2023-10-06
Title
Bold Timeline Lite < 1.2.0 - Missing Authorization to Admin Notice Dismissal
Published
2021-11-10
Title
Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
Published
2023-11-14
Title
WP Courses LMS < 3.2.4 - Subscriber+ Arbitrary Options Update
Published
2023-10-11
Title
IMPress Listings <= 2.6.2 - Missing Authorization