Home » Vulnerabilities » Access violation vulnerability in Freemius SDK (134 components affected)

Latest

Access violation vulnerability in Freemius SDK (134 components affected)

Severity: high-risk
Status: Open
Publication: February 25, 2019

The Freemius SDK is a plugin used in WordPress websites. A security vulnerability was discovered in versions up to 2.2.3 which could allow users with subscriber-level permissions to change settings and take control of the website. This vulnerability was caused by a missing capability check on two functions, _get_db_option and _set_db_option.

Detected in:

404 to 301 – Redirect, Log and Notify 404 Errors fixed vulnerable versions: >= * < 3.0.2

Accordion / FAQ / Docs – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:

Accordion & FAQ – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:

Accordion & FAQ – Helpie WordPress Frequently Asked Questions plugin fixed vulnerable versions: >= * < 0.7.2

Add Pinterest conversion tags for Pinterest Ads + Site verification fixed vulnerable versions: >= * < 1.0.2

Advanced Classifieds & Directory Pro fixed vulnerable versions: >= * < 1.6.3

Best WordPress Gallery Plugin – FooGallery fixed vulnerable versions: >= * < 1.6.17

ClimateClick: Climate Action for all fixed vulnerable versions:

Contact Form 7 Multi-Step Forms fixed vulnerable versions: >= * < 3.0.9

Content Aware Sidebars – Fastest Widget Area Plugin fixed vulnerable versions:

Delete Duplicate Posts fixed vulnerable versions: >= * < 4.1.9.5

Easy Digital Downloads – Courses fixed vulnerable versions: >= * < 0.1.1

Easy Watermark fixed vulnerable versions: >= * < 0.7.1

Elementor Addons by Livemesh fixed vulnerable versions:

Error Log Monitor fixed vulnerable versions: >= * < 1.6.5

FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:

FAQ / Accordion / Docs / KB – Helpie WordPress FAQ Accordion plugin fixed vulnerable versions:

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel fixed vulnerable versions:

Global Income Stats from Freemius fixed vulnerable versions: >= * <= 1.0.0

Image Photo Gallery Final Tiles Grid fixed vulnerable versions: >= * < 3.3.57

Import Social Statistics fixed vulnerable versions: >= * <= 1.0.2

Insert or Embed Articulate Content into WordPress fixed vulnerable versions: >= * < 4.2997

Lightbox & Modal Popup WordPress Plugin – FooBox fixed vulnerable versions: >= * < 2.6.4

Lightweight Widget Area Plugin – Content Aware Sidebars fixed vulnerable versions: >= * < 3.8.1

Livemesh SiteOrigin Widgets fixed vulnerable versions: >= * < 2.5.2

NextGEN Gallery – Create an Amazing Photo Gallery in Seconds fixed vulnerable versions:

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery fixed vulnerable versions:

Popup Maker – Boost Sales & Grow Optin Subscribers with Customizable WP Popups fixed vulnerable versions:

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder fixed vulnerable versions:

Popup Maker – Popup for opt-ins, lead gen, & more fixed vulnerable versions: >= * < 1.8.3

Popup Maker – The Best WordPress popup plugin for boosting sales & growing subsribers fixed vulnerable versions:

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) fixed vulnerable versions:

Post Snippets – Custom WordPress Code Snippets Customizer fixed vulnerable versions: >= * < 3.0.6

Premmerce Product Filter for WooCommerce fixed vulnerable versions: >= * < 3.2

Premmerce Variation Swatches for WooCommerce fixed vulnerable versions: >= * < 1.1

Premmerce Wholesale Pricing for WooCommerce fixed vulnerable versions: >= * < 1.1.4

Premmerce Wishlist for WooCommerce fixed vulnerable versions: >= * < 1.1.3

Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces fixed vulnerable versions: >= * < 2.2.3.1

Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Ads, and 180+ Popular Marketplaces fixed vulnerable versions:

Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Shop, and 180+ Popular Marketplaces fixed vulnerable versions:

Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok, and 180+ Popular Marketplaces fixed vulnerable versions:

Responsive Photo Gallery Plugin – FooGallery fixed vulnerable versions:

Revolution for Elementor fixed vulnerable versions: >= * <= 0.0.19

RW Divi Unite Gallery fixed vulnerable versions: >= * <= 1.0

Sprout Clients – CRM and Lead Management fixed vulnerable versions: >= * <= 3.1

Stop User Enumeration fixed vulnerable versions: >= * < 1.3.20

Ultimeter fixed vulnerable versions: >= * < 1.9.3

WordPress Gallery Plugin – NextGEN Gallery fixed vulnerable versions: >= * < 3.1.7

WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings fixed vulnerable versions:

WP Activity Log fixed vulnerable versions: >= * < 3.3.1.2

WP Affiliate Disclosure fixed vulnerable versions: >= * < 1.1.4

WP fail2ban – Advanced Security fixed vulnerable versions:

WP fail2ban – Advanced Security Plugin fixed vulnerable versions:

WP Mobile Menu – The Mobile-Friendly Responsive Menu fixed vulnerable versions: >= * < 2.7.3

WP Munich Blocks – Gutenberg Blocks for WordPress fixed vulnerable versions: >= * < 0.7.3

WP Photo Effects fixed vulnerable versions: >= * < 1.2.3

WP to Twitter fixed vulnerable versions: >= * < 3.3.0

XPoster fixed vulnerable versions:

XPoster – Share to Bluesky and Mastodon fixed vulnerable versions:

XPoster – Share to Twitter/X from WordPress fixed vulnerable versions:

XPoster – Share to X and Mastodon fixed vulnerable versions:

a-staff – Team member showcase plugin for WordPress open vulnerable versions: >= * <= 1.2.2

Addendio LITE – Find WordPress plugins and themes open vulnerable versions: >= * <= 1.2.2

Affiliate Link Builder Plugin for Amazon Associates – Review Engine open vulnerable versions: >= * <= 1.0.41

Ant Admin Notices for Team open vulnerable versions: >= * < 1.0.4

Any Popup – Popup Forms, Optins & Ads open vulnerable versions: >= * <= 1.0

Automatic Post Categories open vulnerable versions: >= * <= 1.0

Bani open vulnerable versions: >= * <= 1.0.7

BAVOKO SEO Tools – All-in-One WordPress SEO open vulnerable versions: >= * < 2.1.9.8

Before and After Product Images for WooCommerce open vulnerable versions: >= * <= 1.0.3

Brand open vulnerable versions: >= * <= 1.9.1

BuddyForms EasyPin open vulnerable versions: >= * <= 1.0.1

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages open vulnerable versions: >= * < 3.2.6.1

ConsultPress Lite open vulnerable versions: >= * <= 1.2.3

Contact Form for WordPress- Cybrosys open vulnerable versions: >= * <= 5.0

Content Collector open vulnerable versions: >= * <= 1.1.1

Content Slider for WP Posts (Section Slider) open vulnerable versions: >= * <= *

CP Image Gallery open vulnerable versions: >= * <= 1.0.1

CP Simple Newsletter open vulnerable versions: >= * <= 1.1

Cryptocurrency Portfolio Tracker open vulnerable versions: >= * <= 0.0.17

Custom Registration and Custom Login Forms with New Recaptcha open vulnerable versions: >= * <= 1.1

Customer Chat Facebook open vulnerable versions: >= * <= 1.1.1

DeMomentSomTres Address open vulnerable versions: >= * <= 2.1

DeMomentSomTres Categories open vulnerable versions: >= * <= 201704251008

DeMomentSomTres Classify on Publish open vulnerable versions: >= * <= 201703020805

DeMomentSomTres Grid Archive open vulnerable versions: >= * <= 2.1

DeMomentSomTres Media Tools Auto open vulnerable versions: >= * <= 2.0

Device Frame open vulnerable versions: >= * <= 1.0.0

Drop Shadow Boxes open vulnerable versions: >= * < 1.7.2

Easy Code Snippets open vulnerable versions: >= * < 1.0.1

EDD Tab Manager open vulnerable versions: >= * < 1.3.1

enhanced-catalog-images-for-woocommerce open vulnerable versions: >= * <= 1.0.1

Expire tags open vulnerable versions: >= * <= 1.1

Fast WordPress open vulnerable versions: >= * <= 1.0.3

FIT: Featured Image Toolkit open vulnerable versions: >= * <= 1.0.3

freemage open vulnerable versions: >= * <= 1.0

FTC Disclosure open vulnerable versions: >= * <= 2.0

Funnelmentals open vulnerable versions: >= * < 1.2.9

Get feedback from visitors – WP Feedback Suite Plugin open vulnerable versions: >= * <= 1.0.5

GFireM Action After open vulnerable versions: >= * <= 1.1.6

GFireM Advance Search open vulnerable versions: >= * <= 1.2.2

GFireM Fields open vulnerable versions: >= * <= 1.1.7

Giveaways for woocommerce open vulnerable versions: >= * <= 1.0.0

go-fetch-jobs-jobengine open vulnerable versions: >= * <= 1.0

Gravity Forms Sticky List open vulnerable versions: >= * <= 1.5.2

Inbound Brew open vulnerable versions: >= * <= 1.9.4

Kanzu Support Desk – WordPress Helpdesk Plugin open vulnerable versions: >= * <= 2.4.7

KRSP Frontend File Uploader open vulnerable versions: >= * <= 1.0

Livemesh Addons for Elementor open vulnerable versions: >= * < 2.6

Magic Content for Siteorigins Pagebuilder open vulnerable versions: >= * <= 1.0.1

MailChimp Manager open vulnerable versions: >= * <= 1.0.2

Master Blocks – Gutenberg Site Builder open vulnerable versions: >= * <= 1.0.4

Multilist Subscribe for Sendy open vulnerable versions: >= * <= 1.6.1

NEXUS open vulnerable versions: >= * <= 2.0

Nitek Carousel Slider Cool Transitions open vulnerable versions: >= * <= 1.1.0

Nugget by Ingot: Easy, automated and native A/B testing for everyone open vulnerable versions: >= * <= 1.0.0

One Page Blocks open vulnerable versions: >= * <= 1.0.0

Online Booking for Barbershops and Salons open vulnerable versions: >= * <= 1.0.0

Page Studio Lite Plugin open vulnerable versions: >= * <= 1.0.6

Past Events Extension open vulnerable versions: >= * <= 1.0.1

Perelandra Sermons open vulnerable versions: >= * <= 1.1.0

Press Elements – Widgets for Elementor open vulnerable versions: >= * <= 1.7.2

Price Bands for WooCommerce open vulnerable versions: >= * <= 1.0.4

Product Tables for WooCommerce: Quickster open vulnerable versions: >= * <= 1.0.2

Purus open vulnerable versions: >= * <= 1.2.2

Random Sorting Order for WooCommerce open vulnerable versions: >= * <= 1.0

Remove WP Update Nags open vulnerable versions: >= * < 1.4.0

Run time Image resizing open vulnerable versions: >= * <= 1.1

SheetPress – Manage WordPress Meta data with Google Sheets open vulnerable versions: >= * <= 1.1

Shuban open vulnerable versions: >= * <= 1.1.2

Simple Giveaways – Grow your business, email lists and traffic with contests open vulnerable versions: >= * < 2.18.0

SnazzyAdmin WP Admin Theme open vulnerable versions: >= * <= 1.0.2

Social Gallery Lite open vulnerable versions: >= * <= 3.1

Social Share Icons & Social Share Buttons open vulnerable versions: >= * < 3.0.4

Speculor open vulnerable versions: >= * <= 1.2.0

Starfish Review Generation & Marketing for WordPress open vulnerable versions: >= * < 2.0.1

TinyMCE Annotate open vulnerable versions: >= * <= 1.1.2

Turbo Widgets open vulnerable versions: >= * <= 2.0.0

Ultimate Widgets Light open vulnerable versions: >= * <= 1.5.9.4

wGauge – Free Version open vulnerable versions: >= * <= 1.0.0

Widgets for SiteOrigin open vulnerable versions: >= * < 1.4.3

Widgets on Pages and Posts open vulnerable versions: >= * <= 1.4.0

Woo Admin Product Notes open vulnerable versions: >= * <= 1.0.0

WooCommerce Next Order Coupon open vulnerable versions: >= * <= 0.4.0

WooRocks Magic Content open vulnerable versions: >= * <= 1.0.17

WordPress Animation Plugin – Animated Everything open vulnerable versions: >= * <= 1.3.2

WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest open vulnerable versions: >= * <= 0.1.9

WordPress FAQ Plugin – WPWorx open vulnerable versions: >= * <= 2.0.0

WordPress Reviews by ReviewPress open vulnerable versions: >= * <= 1.0.5

WP Advanced Comment open vulnerable versions: >= * <= 0.3

WP Author Bio open vulnerable versions: >= * <= 1.5.5

WP Private Media open vulnerable versions: >= * <= 1.0.1

WP Pro Counter open vulnerable versions: >= * <= 1.1

WP Relevant Ads open vulnerable versions: >= * <= 1.0.0

wp-buddha-free-adwords open vulnerable versions: >= * <= 1.0.0

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Access violation vulnerability in Freemius SDK (134 components affected)

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Access violation vulnerability in Freemius SDK (134 components affected)

Detected in: