Log out
Get PRO

Latest

Access violation vulnerability in Freemius SDK (134 components affected)

  • Severity: high-risk
  • Status: Open
  • Publication: February 25, 2019

The Freemius SDK is a plugin used in WordPress websites. A security vulnerability was discovered in versions up to 2.2.3 which could allow users with subscriber-level permissions to change settings and take control of the website. This vulnerability was caused by a missing capability check on two functions, _get_db_option and _set_db_option.

Detected in:

404 to 301 – Redirect, Log and Notify 404 Errors fixed vulnerable versions: >= * < 3.0.2
Accordion / FAQ / Docs – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:
Accordion & FAQ – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:
Accordion & FAQ – Helpie WordPress Frequently Asked Questions plugin fixed vulnerable versions: >= * < 0.7.2
Add Pinterest conversion tags for Pinterest Ads + Site verification fixed vulnerable versions: >= * < 1.0.2
Advanced Classifieds & Directory Pro fixed vulnerable versions: >= * < 1.6.3
Best WordPress Gallery Plugin – FooGallery fixed vulnerable versions: >= * < 1.6.17
ClimateClick: Climate Action for all fixed vulnerable versions:
Contact Form 7 Multi-Step Forms fixed vulnerable versions: >= * < 3.0.9
Content Aware Sidebars – Fastest Widget Area Plugin fixed vulnerable versions:
Delete Duplicate Posts fixed vulnerable versions: >= * < 4.1.9.5
Easy Digital Downloads – Courses fixed vulnerable versions: >= * < 0.1.1
Easy Watermark fixed vulnerable versions: >= * < 0.7.1
Elementor Addons by Livemesh fixed vulnerable versions:
Error Log Monitor fixed vulnerable versions: >= * < 1.6.5
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:
FAQ / Accordion / Docs / KB – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel fixed vulnerable versions:
Global Income Stats from Freemius fixed vulnerable versions: >= * <= 1.0.0
Image Photo Gallery Final Tiles Grid fixed vulnerable versions: >= * < 3.3.57
Import Social Statistics fixed vulnerable versions: >= * <= 1.0.2
Lightbox & Modal Popup WordPress Plugin – FooBox fixed vulnerable versions: >= * < 2.6.4
Lightweight Widget Area Plugin – Content Aware Sidebars fixed vulnerable versions: >= * < 3.8.1
Livemesh SiteOrigin Widgets fixed vulnerable versions: >= * < 2.5.2
NextGEN Gallery – Create an Amazing Photo Gallery in Seconds fixed vulnerable versions:
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery fixed vulnerable versions:
Popup Maker – Boost Sales & Grow Optin Subscribers with Customizable WP Popups fixed vulnerable versions:
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder fixed vulnerable versions:
Popup Maker – Popup for opt-ins, lead gen, & more fixed vulnerable versions: >= * < 1.8.3
Popup Maker – The Best WordPress popup plugin for boosting sales & growing subsribers fixed vulnerable versions:
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) fixed vulnerable versions:
Post Snippets – Custom WordPress Code Snippets Customizer fixed vulnerable versions: >= * < 3.0.6
Premmerce Product Filter for WooCommerce fixed vulnerable versions: >= * < 3.2
Premmerce Variation Swatches for WooCommerce fixed vulnerable versions: >= * < 1.1
Premmerce Wholesale Pricing for WooCommerce fixed vulnerable versions: >= * < 1.1.4
Premmerce Wishlist for WooCommerce fixed vulnerable versions: >= * < 1.1.3
Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces fixed vulnerable versions: >= * < 2.2.3.1
Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Ads, and 180+ Popular Marketplaces fixed vulnerable versions:
Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Shop, and 180+ Popular Marketplaces fixed vulnerable versions:
Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok, and 180+ Popular Marketplaces fixed vulnerable versions:
Revolution for Elementor fixed vulnerable versions: >= * <= 0.0.19
RW Divi Unite Gallery fixed vulnerable versions: >= * <= 1.0
Sprout Clients – CRM and Lead Management fixed vulnerable versions: >= * <= 3.1
Stop User Enumeration fixed vulnerable versions: >= * < 1.3.20
Ultimeter fixed vulnerable versions: >= * < 1.9.3
WordPress Gallery Plugin – NextGEN Gallery fixed vulnerable versions: >= * < 3.1.7
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings fixed vulnerable versions:
WP Activity Log fixed vulnerable versions: >= * < 3.3.1.2
WP Affiliate Disclosure fixed vulnerable versions: >= * < 1.1.4
WP fail2ban – Advanced Security fixed vulnerable versions:
WP fail2ban – Advanced Security Plugin fixed vulnerable versions:
WP Mobile Menu – The Mobile-Friendly Responsive Menu fixed vulnerable versions: >= * < 2.7.3
WP Munich Blocks – Gutenberg Blocks for WordPress fixed vulnerable versions: >= * < 0.7.3
WP Photo Effects fixed vulnerable versions: >= * < 1.2.3
WP to Twitter fixed vulnerable versions: >= * < 3.3.0
XPoster fixed vulnerable versions:
XPoster – Share to Bluesky and Mastodon fixed vulnerable versions:
XPoster – Share to Twitter/X from WordPress fixed vulnerable versions:
XPoster – Share to X and Mastodon fixed vulnerable versions:
a-staff – Team member showcase plugin for WordPress open vulnerable versions: >= * <= 1.2.2
Addendio LITE – Find WordPress plugins and themes open vulnerable versions: >= * <= 1.2.2
Affiliate Link Builder Plugin for Amazon Associates – Review Engine open vulnerable versions: >= * <= 1.0.41
Ant Admin Notices for Team open vulnerable versions: >= * < 1.0.4
Any Popup – Popup Forms, Optins & Ads open vulnerable versions: >= * <= 1.0
Automatic Post Categories open vulnerable versions: >= * <= 1.0
Bani open vulnerable versions: >= * <= 1.0.7
BAVOKO SEO Tools – All-in-One WordPress SEO open vulnerable versions: >= * < 2.1.9.8
Before and After Product Images for WooCommerce open vulnerable versions: >= * <= 1.0.3
Brand open vulnerable versions: >= * <= 1.9.1
BuddyForms EasyPin open vulnerable versions: >= * <= 1.0.1
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages open vulnerable versions: >= * < 3.2.6.1
ConsultPress Lite open vulnerable versions: >= * <= 1.2.3
Contact Form for WordPress- Cybrosys open vulnerable versions: >= * <= 5.0
Content Collector open vulnerable versions: >= * <= 1.1.1
Content Slider for WP Posts (Section Slider) open vulnerable versions: >= * <= *
CP Image Gallery open vulnerable versions: >= * <= 1.0.1
CP Simple Newsletter open vulnerable versions: >= * <= 1.1
Cryptocurrency Portfolio Tracker open vulnerable versions: >= * <= 0.0.17
Custom Registration and Custom Login Forms with New Recaptcha open vulnerable versions: >= * <= 1.1
Customer Chat Facebook open vulnerable versions: >= * <= 1.1.1
DeMomentSomTres Address open vulnerable versions: >= * <= 2.1
DeMomentSomTres Categories open vulnerable versions: >= * <= 201704251008
DeMomentSomTres Classify on Publish open vulnerable versions: >= * <= 201703020805
DeMomentSomTres Grid Archive open vulnerable versions: >= * <= 2.1
DeMomentSomTres Media Tools Auto open vulnerable versions: >= * <= 2.0
Device Frame open vulnerable versions: >= * <= 1.0.0
Drop Shadow Boxes open vulnerable versions: >= * < 1.7.2
Easy Code Snippets open vulnerable versions: >= * < 1.0.1
EDD Tab Manager open vulnerable versions: >= * < 1.3.1
enhanced-catalog-images-for-woocommerce open vulnerable versions: >= * <= 1.0.1
Expire tags open vulnerable versions: >= * <= 1.1
Fast WordPress open vulnerable versions: >= * <= 1.0.3
FIT: Featured Image Toolkit open vulnerable versions: >= * <= 1.0.3
freemage open vulnerable versions: >= * <= 1.0
FTC Disclosure open vulnerable versions: >= * <= 2.0
Funnelmentals open vulnerable versions: >= * < 1.2.9
Get feedback from visitors – WP Feedback Suite Plugin open vulnerable versions: >= * <= 1.0.5
GFireM Action After open vulnerable versions: >= * <= 1.1.6
GFireM Advance Search open vulnerable versions: >= * <= 1.2.2
GFireM Fields open vulnerable versions: >= * <= 1.1.7
Giveaways for woocommerce open vulnerable versions: >= * <= 1.0.0
go-fetch-jobs-jobengine open vulnerable versions: >= * <= 1.0
Gravity Forms Sticky List open vulnerable versions: >= * <= 1.5.2
Inbound Brew open vulnerable versions: >= * <= 1.9.4
Insert or Embed Articulate Content into WordPress open vulnerable versions: >= * < 4.2997
Kanzu Support Desk – WordPress Helpdesk Plugin open vulnerable versions: >= * <= 2.4.7
KRSP Frontend File Uploader open vulnerable versions: >= * <= 1.0
Livemesh Addons for Elementor open vulnerable versions: >= * < 2.6
Magic Content for Siteorigins Pagebuilder open vulnerable versions: >= * <= 1.0.1
MailChimp Manager open vulnerable versions: >= * <= 1.0.2
Master Blocks – Gutenberg Site Builder open vulnerable versions: >= * <= 1.0.4
Multilist Subscribe for Sendy open vulnerable versions: >= * <= 1.6.1
NEXUS open vulnerable versions: >= * <= 2.0
Nitek Carousel Slider Cool Transitions open vulnerable versions: >= * <= 1.1.0
Nugget by Ingot: Easy, automated and native A/B testing for everyone open vulnerable versions: >= * <= 1.0.0
One Page Blocks open vulnerable versions: >= * <= 1.0.0
Online Booking for Barbershops and Salons open vulnerable versions: >= * <= 1.0.0
Page Studio Lite Plugin open vulnerable versions: >= * <= 1.0.6
Past Events Extension open vulnerable versions: >= * <= 1.0.1
Perelandra Sermons open vulnerable versions: >= * <= 1.1.0
Press Elements – Widgets for Elementor open vulnerable versions: >= * <= 1.7.2
Price Bands for WooCommerce open vulnerable versions: >= * <= 1.0.4
Product Tables for WooCommerce: Quickster open vulnerable versions: >= * <= 1.0.2
Purus open vulnerable versions: >= * <= 1.2.2
Random Sorting Order for WooCommerce open vulnerable versions: >= * <= 1.0
Remove WP Update Nags open vulnerable versions: >= * < 1.4.0
Run time Image resizing open vulnerable versions: >= * <= 1.1
SheetPress – Manage WordPress Meta data with Google Sheets open vulnerable versions: >= * <= 1.1
Shuban open vulnerable versions: >= * <= 1.1.2
Simple Giveaways – Grow your business, email lists and traffic with contests open vulnerable versions: >= * < 2.18.0
SnazzyAdmin WP Admin Theme open vulnerable versions: >= * <= 1.0.2
Social Gallery Lite open vulnerable versions: >= * <= 3.1
Social Share Icons & Social Share Buttons open vulnerable versions: >= * < 3.0.4
Speculor open vulnerable versions: >= * <= 1.2.0
Starfish Review Generation & Marketing for WordPress open vulnerable versions: >= * < 2.0.1
TinyMCE Annotate open vulnerable versions: >= * <= 1.1.2
Turbo Widgets open vulnerable versions: >= * <= 2.0.0
Ultimate Widgets Light open vulnerable versions: >= * <= 1.5.9.4
wGauge – Free Version open vulnerable versions: >= * <= 1.0.0
Widgets for SiteOrigin open vulnerable versions: >= * < 1.4.3
Widgets on Pages and Posts open vulnerable versions: >= * <= 1.4.0
Woo Admin Product Notes open vulnerable versions: >= * <= 1.0.0
WooCommerce Next Order Coupon open vulnerable versions: >= * <= 0.4.0
WooRocks Magic Content open vulnerable versions: >= * <= 1.0.17
WordPress Animation Plugin – Animated Everything open vulnerable versions: >= * <= 1.3.2
WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest open vulnerable versions: >= * <= 0.1.9
WordPress FAQ Plugin – WPWorx open vulnerable versions: >= * <= 2.0.0
WordPress Reviews by ReviewPress open vulnerable versions: >= * <= 1.0.5
WP Advanced Comment open vulnerable versions: >= * <= 0.3
WP Author Bio open vulnerable versions: >= * <= 1.5.5
WP Private Media open vulnerable versions: >= * <= 1.0.1
WP Pro Counter open vulnerable versions: >= * <= 1.1
WP Relevant Ads open vulnerable versions: >= * <= 1.0.0
wp-buddha-free-adwords open vulnerable versions: >= * <= 1.0.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

About

Popular articles