CVE-2022-4974
CVSS V2 None
CVSS V3 None
Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and _set_db_option functions in versions up to and including 2.4.2. Any WordPress plugin or theme running a version of Freemius earlier than 2.4.3 is vulnerable.
Overview
- CVE ID: CVE-2022-4974
- Assigner: Wordfence
- Vulnerability Status: PUBLISHED
- Published Version: 2024-10-16T06:43:30.014Z
- Last Modified Date: 2024-10-16T18:06:13.377Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4974 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4974 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-17 12:09:54 | | | | Added to TrackCVE |