Freemius SDK up to 2.0.1 on WordPress _get_debug_log/_get_db_option/_set_db_option cross-site request forgery

CVSS Meta Temp Score: 5.2
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 0.00

Summary

A vulnerability was found in Freemius SDK up to 2.0.1. It has been classified as problematic. The vulnerability is located in the function _get_debug_log/_get_db_option/_set_db_option. The manipulation leads to cross-site request forgery. The vulnerability is named CVE-2022-4974. The attack can be initiated remotely. No exploit is available. It is recommended to upgrade the affected component.

Details

A vulnerability was found in Freemius SDK up to 2.0.1. It has been classified as problematic. The vulnerability is located in the function _get_debug_log/_get_db_option/_set_db_option. The manipulation leads to cross-site request forgery. Using CWE to classify the issue leads to CWE-352. The vulnerability has been disclosed. The advisory can be viewed at wordfence.com.

The vulnerability is named CVE-2022-4974. The CVE was assigned on 15/10/2024. The attack can be initiated remotely. Technical details are available. Reports indicate that the popularity of this vulnerability is below average. No exploit is available.

It is declared as not defined.

Upgrading to version 2.0.2 resolves this issue. It is recommended to upgrade the affected component.

Affected

  • YASR – Yet Another Star Rating Plugin for WordPress
  • Events Addon for Elementor
  • Fraud Prevention For WooCommerce and EDD
  • Gutenberg Blocks – ACF Blocks Suite
  • Ultimeter
  • Past Events Extension
  • Pootle Pagebuilder – WordPress Page builder
  • Local Delivery Drivers for WooCommerce
  • Ultimate Gutenberg – Custom Block Templates
  • WP Required Taxonomies – Categories and Tags Mandatory
  • Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)
  • SSL Certificate – Free SSL, HTTPS by SSL Zen
  • Streak CRM For Gmail For Contact Form 7 – WordPress Plugin
  • WordPress Dev Powers – ACF Color Coded Field Types Plugin
  • DancePress (TRWA)
  • Product Size Charts Plugin for WooCommerce
  • Wp My Admin Bar
  • A no-code page builder for beautiful performance-based content
  • LocalSEOMap
  • Easy Prayer
  • AdFoxly – Ad Manager, AdSense Ads & Ads.txt
  • WP Get Personal
  • Checkout with Cash App on EDD
  • Server Info
  • Custom WooCommerce Checkout Fields Editor
  • KRSP Frontend File Uploader
  • Panorama Viewer- Best Plugin to Display Panoramic Images/Videos
  • Bulk Attachment Download
  • AutoSave Net
  • Premmerce Wholesale Pricing for WooCommerce
  • Any Popup – Popup Forms, Optins & Ads
  • Checkout with Venmo on EDD
  • Payment gateway per Product for WooCommerce
  • HQTheme Extra
  • Vit Website Reviews
  • WooCommerce EU VAT Assistant
  • WordPress Slider Block Gutenslider
  • HuCommerce | Magyar WooCommerce kiegészítések
  • KVoucher
  • Video Player for YouTube
  • Error Log Monitor
  • SlideDeck: Responsive WordPress Slider Plugin
  • Premmerce Multi-currency for Woocommerce
  • Booking Addon for WooCommerce
  • WP Event Partners – WordPress Plugin for Event and Conference Management
  • WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin
  • Add Expires Headers & Optimized Minify
  • ForceField
  • FIT: Featured Image Toolkit
  • All in One Invite Codes
  • Dynamic Pricing and Discount Rules for WooCommerce
  • Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
  • Grid & Styler For Contact Form 7 And Divi
  • Protect Uploads with Login – Protect Your Uploads
  • Atlas – Knowledge Base
  • Simple Sitemap – Create a Responsive HTML Sitemap
  • Super Video Player- Best WordPress Video Display Plugin for mp4/OGG
  • WordPress Books Gallery
  • FiboSearch – Ajax Search for WooCommerce
  • Tag Groups is the Advanced Way to Display Your Taxonomy Terms
  • WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
  • ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers
  • ConsultPress Lite
  • Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7
  • StreamWeasels Twitch Integration
  • Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test
  • Zip Code Redirect
  • Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form
  • CF7 Constant Contact Fields Mapping
  • Booking Calendar | Appointment Booking | Bookit
  • EthereumICO
  • RT Easy Builder – Advanced addons for Elementor
  • WP Contact Slider
  • Country Based Payments for WooCommerce
  • Filr – Secure document library
  • Elasta
  • MapGeo – Interactive Geo Maps
  • WordPress Animation Plugin – Animated Everything
  • WP Notification Bell
  • Activity Log For MainWP
  • Connected Sermons
  • Bulk Edit and Create User Profiles – WP Sheet Editor
  • Кнопка ЮMoney
  • Bulk WooCommerce Category Creator
  • Easy Math Captcha for CF7
  • Master Accordion ( Former WP Awesome FAQ Plugin )
  • Better Elementor Addons
  • Elementor Addons by Livemesh
  • Place Order Without Payment for WooCommerce
  • STEWoo – Super Transactional Emails for WooCommerce
  • DeMomentSomTres Address
  • Out of stock display for woocommerce
  • Ultimate Blocks – WordPress Blocks Plugin
  • Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)
  • WP Radio – Worldwide Online Radio Stations Directory for WordPress
  • BookPress – For Book Authors
  • Qyrr – simply and modern QR-Code creation
  • WordPress Directory Plugin For Business Listings – WP Local Plus
  • Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
  • Funnelmentals
  • Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
  • Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
  • Product Carousel For WooCommerce – WoorouSell
  • WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings
  • GFireM Fields
  • Coupon Affiliates – Affiliate Plugin for WooCommerce
  • WP Post Block
  • LMS Plugin – eLearning, Online Courses by Attest
  • Frontend Admin by DynamiApps
  • Simple Giveaways – Grow your business, email lists and traffic with contests
  • WPTools Masonry Gallery & Posts For Divi
  • GFireM Action After
  • Woo Ukrposhta
  • annasta Woocommerce Product Filters
  • WP Lead Stream
  • The Events Calendar
  • Focus on Reviews for WooCommerce
  • Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)
  • Block Styler For Gravity Forms
  • WP Page Templates
  • Product Customer List for WooCommerce
  • WP Moose
  • Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
  • Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL
  • South Pole: Climate action now
  • LittleBot Invoices
  • Genealogical Tree – WordPress Family Tree
  • Automatic YouTube Gallery
  • Thank You Page for WooCommerce
  • Marijuana Age Verify
  • WooCommerce upcoming Products
  • Frontend Admin – Add and edit posts, pages, users and more all from the frontend
  • SV Tracking Manager
  • WP EasyPay – Square for WordPress
  • WordPress SEO Checklist
  • wGauge – Free Version
  • Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
  • Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
  • WP Tools Divi Product Carousel
  • Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
  • Social Gallery Lite
  • Stackable – Page Builder Gutenberg Blocks
  • Five-Star Ratings Shortcode
  • CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
  • Premmerce Wishlist for WooCommerce
  • Salon Booking System
  • Surbma | GDPR Proof Cookie Consent & Notice Bar
  • Advance Menu Manager
  • Live TV Player – Worldwide Live TV Channels Player for WordPress
  • Market Exporter
  • WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
  • TK Google Fonts GDPR Compliant
  • Starfish Review Generation & Marketing for WordPress
  • WP Emaily
  • Education Addon for Elementor
  • SV Proven Expert
  • SurveyFunnel – Survey Plugin for WordPress
  • Advanced Classifieds & Directory Pro
  • Music Player for Elementor – Audio Player & Podcast Player
  • Cryptocurrency Product for WooCommerce
  • WooCommerce Next Order Coupon
  • Overlay Image Divi Module
  • Email Header Footer
  • Document Viewer- Plugin to Display MS Office Docs
  • Price Bands for WooCommerce
  • Elementor Addon Elements
  • Smart Variations Images & Swatches for WooCommerce
  • Featured Images in RSS for Mailchimp & More
  • Simple Sponsorships
  • Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
  • Joli Table Of Contents
  • Sparrow: Product Reviews and Ratings for WooCommerce
  • Multi Page Auto Advance for Gravity Forms
  • Generate Images – Magic Post Thumbnail
  • Live Scores for SportsPress
  • Hide Shipping Method For WooCommerce
  • Ultimate Carousel For Divi
  • WP Meta and Date Remover
  • Image Carousel For Divi
  • Comments Not Replied To
  • Contact Form 7 – Capsule CRM – Integration
  • Opensea
  • WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.
  • Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
  • Modern Addons for Elementor Page Builder
  • Viralike
  • WordPress Dev Powers – Element Selector jQuery Powers Plugin
  • WP Munich Blocks – Gutenberg Blocks for WordPress
  • Availability datepicker – Integrate with Contact Form 7 and Divi
  • Footer Plugin for Divi
  • Accept Stripe Donation and Payments – AidWP
  • New User Approve
  • GFireM Advance Search
  • WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…
  • Shared Files – Frontend File Upload Form & Secure File Sharing
  • WPBITS Addons For Elementor Page Builder
  • Speculor
  • WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
  • WordPress Everse Starter Sites – Elementor Templates
  • Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
  • Choice Payment Gateway for WooCommerce
  • Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)
  • Order and Inventory Manager for WooCommerce
  • Ninja Libs Amazon SES
  • Delete All Comments of wordpress
  • WP-Cron Status Checker
  • CodeKit – Custom Codes Editor
  • FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
  • Change Price Title for WooCommerce
  • WordPress Gallery Plugin – Edge Photo Gallery
  • Glorious Services & Support
  • Easy Newsletter Signups
  • Announcement & Notification Banner – Bulletin
  • Advanced Database Replacer
  • Multisite Robots.txt Manager
  • Simple Social Page Widget & Shortcode
  • WooCommerce Country Catalogs – Product Country Restrictions
  • Front End PM
  • Ultimate Divi Modules Suite – Divi Sumo Lite
  • XT Points & Rewards for WooCommerce
  • Widgets for WooCommerce Products on Elementor
  • Delivery for WooCommerce
  • WP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email
  • Security Ninja – Secure Firewall & Secure Malware Scanner
  • TinyMCE Annotate
  • Justified Gallery
  • Book BuyBack Prices
  • Fuse Social Floating Sidebar
  • WP-HR Manager: The Human Resources Plugin for WordPress
  • Emails Blacklist for Everest Forms
  • All-in-One Video Gallery
  • Woo Admin Product Notes
  • Remove Add to Cart WooCommerce
  • Checkout with Zelle on Woocommerce
  • WP Tools Gravity Forms Divi Module
  • Everse
  • Run time Image resizing
  • Rest Routes – Custom Endpoints

CVSSv3

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.2

VulDB Base Score: 4.3
VulDB Temp Score: 4.1

CNA Base Score: 6.3

Exploitation

Class: Cross-site request forgery
CWE: CWE-352 / CWE-862 / CWE-863

Physical: No
Local: No
Remote: Yes

Status: Not defined

Countermeasures

Recommendation: Upgrade

Upgrade: Freemius SDK 2.0.2

Timeline

15/10/2024
16/10/2024 +1 days
16/10/2024 +0 days
05/03/2025 +140 days

Sources

Advisory: wordfence.com
Status: Confirmed

CVE: CVE-2022-4974
GCVE (CVE): GCVE-0-2022-4974
GCVE (VulDB): GCVE-100-280595

Entry

Created: 16/10/2024 10:22 AM
Updated: 05/03/2025 09:02 AM
Changes: 16/10/2024 10:22 AM (66), 05/03/2025 09:02 AM (3)
