Plugin And Theme Vulnerability Report


Plugin And Theme Vulnerability Report

400+ plugins and 25+ theme vulnerabilities that need attention today.

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our teams work diligently for our customers to assure a safe environment online to do business.

WordPress Plugin Vulnerabilities – Unauthorised AJAX Calls via Freemius

Description
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorization in some of its AJAX actions. As a result, any authenticated users, such as subscribers could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.

Proof of Concept
The PoC will be displayed on March 14, 2022, to give users the time to update.

View the growing list of 400+ plugins and 25+ themes with vulnerabilities published on WPScan.

Thank you for viewing our Plugin And Theme Vulnerability Report. Please share this post with your friends to help get the word out and make WordPress safer for everyone!