Access violation vulnerability in Freemius SDK (134 components affected)
Severity: high-risk
Status: Open
Publication: February 25, 2019
The Freemius SDK is a plugin used in WordPress websites. A security vulnerability was discovered in versions up to 2.2.3 which could allow users with subscriber-level permissions to change settings and take control of the website. This vulnerability was caused by a missing capability check on two functions, _get_db_option and _set_db_option.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Home » Vulnerabilities » Access violation vulnerability in Freemius SDK (134 components affected)
Latest
Passkeys: no need for Limit Login Attempts?
Configuring Really Simple Security with WP-CLI
How to Fix The “Link you followed has Expired” error on WordPress
404 not found errors
Protecting site visitors with Security Headers
Hardening your website’s security
Access violation vulnerability in Freemius SDK (134 components affected)
The Freemius SDK is a plugin used in WordPress websites. A security vulnerability was discovered in versions up to 2.2.3 which could allow users with subscriber-level permissions to change settings and take control of the website. This vulnerability was caused by a missing capability check on two functions, _get_db_option and _set_db_option.
Detected in:
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.