Freemius SDK hasta 2.0.1 en WordPress _get_debug_log/_get_db_option/_set_db_option falsificación de solicitudes en sitios cruzados
| CVSS Puntuación meta temporal | Precio actual del exploit (≈) | Puntuación de interés CTI |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
Resumen
Una vulnerabilidad clasificada como problemática fue encontrada en Freemius SDK hasta 2.0.1. Se ve afectada una función desconocida. A través de la manipulación de un input desconocido se causa una vulnerabilidad de clase falsificación de solicitudes en sitios cruzados. Esta vulnerabilidad se conoce como CVE-2022-4974. El ataque puede ser iniciado desde la red. No hay ningún exploit disponible. Se recomienda actualizar el componente afectado.
Detalles
Una vulnerabilidad fue encontrada en Freemius SDK hasta 2.0.1 en WordPress y clasificada como problemática. La función _get_debug_log/_get_db_option/_set_db_option es afectada por esta vulnerabilidad. Por la manipulación de un input desconocido se causa una vulnerabilidad de clase falsificación de solicitudes en sitios cruzados. Esto tiene repercusión sobre la la integridad.
El advisory puede ser descargado de wordfence.com. La vulnerabilidad es identificada como CVE-2022-4974. La explotación se considera fácil. El ataque se puede efectuar a través de la red. La explotación no necesita ninguna autentificación específica. Detalles técnicos son conocidos, pero no hay ningún exploit público disponible.
Una actualización a la versión 2.0.2 elimina esta vulnerabilidad.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Afectado
- YASR – Yet Another Star Rating Plugin for WordPress
- Events Addon for Elementor
- Fraud Prevention For WooCommerce and EDD
- Gutenberg Blocks – ACF Blocks Suite
- Ultimeter
- Past Events Extension
- Pootle Pagebuilder – WordPress Page builder
- Local Delivery Drivers for WooCommerce
- Ultimate Gutenberg – Custom Block Templates
- WP Required Taxonomies – Categories and Tags Mandatory
- Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)
- SSL Certificate – Free SSL, HTTPS by SSL Zen
- Streak CRM For Gmail For Contact Form 7 – WordPress Plugin
- WordPress Dev Powers – ACF Color Coded Field Types Plugin
- DancePress (TRWA)
- Product Size Charts Plugin for WooCommerce
- Wp My Admin Bar
- A no-code page builder for beautiful performance-based content
- LocalSEOMap
- Easy Prayer
- AdFoxly – Ad Manager, AdSense Ads & Ads.txt
- WP Get Personal
- Checkout with Cash App on EDD
- Server Info
- Custom WooCommerce Checkout Fields Editor
- KRSP Frontend File Uploader
- Panorama Viewer- Best Plugin to Display Panoramic Images/Videos
- Bulk Attachment Download
- AutoSave Net
- Premmerce Wholesale Pricing for WooCommerce
- Any Popup – Popup Forms, Optins & Ads
- Checkout with Venmo on EDD
- Payment gateway per Product for WooCommerce
- HQTheme Extra
- Vit Website Reviews
- WooCommerce EU VAT Assistant
- WordPress Slider Block Gutenslider
- HuCommerce | Magyar WooCommerce kiegészítések
- KVoucher
- Video Player for YouTube
- Error Log Monitor
- SlideDeck: Responsive WordPress Slider Plugin
- Premmerce Multi-currency for Woocommerce
- Booking Addon for WooCommerce
- WP Event Partners – WordPress Plugin for Event and Conference Management
- WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin
- Add Expires Headers & Optimized Minify
- ForceField
- FIT: Featured Image Toolkit
- All in One Invite Codes
- Dynamic Pricing and Discount Rules for WooCommerce
- Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Grid & Styler For Contact Form 7 And Divi
- Protect Uploads with Login – Protect Your Uploads
- Atlas – Knowledge Base
- Simple Sitemap – Create a Responsive HTML Sitemap
- Super Video Player- Best WordPress Video Display Plugin for mp4/OGG
- WordPress Books Gallery
- FiboSearch – Ajax Search for WooCommerce
- Tag Groups is the Advanced Way to Display Your Taxonomy Terms
- WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
- ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers
- ConsultPress Lite
- Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7
- StreamWeasels Twitch Integration
- Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test
- Zip Code Redirect
- Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form
- CF7 Constant Contact Fields Mapping
- Booking Calendar | Appointment Booking | Bookit
- EthereumICO
- RT Easy Builder – Advanced addons for Elementor
- WP Contact Slider
- Country Based Payments for WooCommerce
- Filr – Secure document library
- Elasta
- MapGeo – Interactive Geo Maps
- WordPress Animation Plugin – Animated Everything
- WP Notification Bell
- Activity Log For MainWP
- Connected Sermons
- Bulk Edit and Create User Profiles – WP Sheet Editor
- Кнопка ЮMoney
- Bulk WooCommerce Category Creator
- Easy Math Captcha for CF7
- Master Accordion ( Former WP Awesome FAQ Plugin )
- Better Elementor Addons
- Elementor Addons by Livemesh
- Place Order Without Payment for WooCommerce
- STEWoo – Super Transactional Emails for WooCommerce
- DeMomentSomTres Address
- Out of stock display for woocommerce
- Ultimate Blocks – WordPress Blocks Plugin
- Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)
- WP Radio – Worldwide Online Radio Stations Directory for WordPress
- BookPress – For Book Authors
- Qyrr – simply and modern QR-Code creation
- WordPress Directory Plugin For Business Listings – WP Local Plus
- Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
- Funnelmentals
- Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
- Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
- Product Carousel For WooCommerce – WoorouSell
- WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings
- GFireM Fields
- Coupon Affiliates – Affiliate Plugin for WooCommerce
- WP Post Block
- LMS Plugin – eLearning, Online Courses by Attest
- Frontend Admin by DynamiApps
- Simple Giveaways – Grow your business, email lists and traffic with contests
- WPTools Masonry Gallery & Posts For Divi
- GFireM Action After
- Woo Ukrposhta
- annasta Woocommerce Product Filters
- WP Lead Stream
- The Events Calendar
- Focus on Reviews for WooCommerce
- Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)
- Block Styler For Gravity Forms
- WP Page Templates
- Product Customer List for WooCommerce
- WP Moose
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
- Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL
- South Pole: Climate action now
- LittleBot Invoices
- Genealogical Tree – WordPress Family Tree
- Automatic YouTube Gallery
- Thank You Page for WooCommerce
- Marijuana Age Verify
- WooCommerce upcoming Products
- Frontend Admin – Add and edit posts, pages, users and more all from the frontend
- SV Tracking Manager
- WP EasyPay – Square for WordPress
- WordPress SEO Checklist
- wGauge – Free Version
- Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
- WP Tools Divi Product Carousel
- Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Social Gallery Lite
- Stackable – Page Builder Gutenberg Blocks
- Five-Star Ratings Shortcode
- CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
- Premmerce Wishlist for WooCommerce
- Salon Booking System
- Surbma | GDPR Proof Cookie Consent & Notice Bar
- Advance Menu Manager
- Live TV Player – Worldwide Live TV Channels Player for WordPress
- Market Exporter
- WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
- TK Google Fonts GDPR Compliant
- Starfish Review Generation & Marketing for WordPress
- WP Emaily
- Education Addon for Elementor
- SV Proven Expert
- SurveyFunnel – Survey Plugin for WordPress
- Advanced Classifieds & Directory Pro
- Music Player for Elementor – Audio Player & Podcast Player
- Cryptocurrency Product for WooCommerce
- WooCommerce Next Order Coupon
- Overlay Image Divi Module
- Email Header Footer
- Document Viewer- Plugin to Display MS Office Docs
- Price Bands for WooCommerce
- Elementor Addon Elements
- Smart Variations Images & Swatches for WooCommerce
- Featured Images in RSS for Mailchimp & More
- Simple Sponsorships
- Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Joli Table Of Contents
- Sparrow: Product Reviews and Ratings for WooCommerce
- Multi Page Auto Advance for Gravity Forms
- Generate Images – Magic Post Thumbnail
- Live Scores for SportsPress
- Hide Shipping Method For WooCommerce
- Ultimate Carousel For Divi
- WP Meta and Date Remover
- Image Carousel For Divi
- Comments Not Replied To
- Contact Form 7 – Capsule CRM – Integration
- Opensea
- WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.
- Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
- Modern Addons for Elementor Page Builder
- Viralike
- WordPress Dev Powers – Element Selector jQuery Powers Plugin
- WP Munich Blocks – Gutenberg Blocks for WordPress
- Availability datepicker – Integrate with Contact Form 7 and Divi
- Footer Plugin for Divi
- Accept Stripe Donation and Payments – AidWP
- New User Approve
- GFireM Advance Search
- WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…
- Shared Files – Frontend File Upload Form & Secure File Sharing
- WPBITS Addons For Elementor Page Builder
- Speculor
- WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
- WordPress Everse Starter Sites – Elementor Templates
- Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Choice Payment Gateway for WooCommerce
- Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)
- Order and Inventory Manager for WooCommerce
- Ninja Libs Amazon SES
- Delete All Comments of wordpress
- WP-Cron Status Checker
- CodeKit – Custom Codes Editor
- FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
- Change Price Title for WooCommerce
- WordPress Gallery Plugin – Edge Photo Gallery
- Glorious Services & Support
- Easy Newsletter Signups
- Announcement & Notification Banner – Bulletin
- Advanced Database Replacer
- Multisite Robots.txt Manager
- Simple Social Page Widget & Shortcode
- WooCommerce Country Catalogs – Product Country Restrictions
- Front End PM
- Ultimate Divi Modules Suite – Divi Sumo Lite
- XT Points & Rewards for WooCommerce
- Widgets for WooCommerce Products on Elementor
- Delivery for WooCommerce
- WP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email
- Security Ninja – Secure Firewall & Secure Malware Scanner
- TinyMCE Annotate
- Justified Gallery
- Book BuyBack Prices
- Fuse Social Floating Sidebar
- WP-HR Manager: The Human Resources Plugin for WordPress
- Emails Blacklist for Everest Forms
- All-in-One Video Gallery
- Woo Admin Product Notes
- Remove Add to Cart WooCommerce
- Checkout with Zelle on Woocommerce
- WP Tools Gravity Forms Divi Module
- Everse
- Run time Image resizing
- Rest Routes – Custom Endpoints
Producto
Escribe
Nombre
Versión
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Confiabilidad: 🔍
CVSSv3
VulDB Puntuación meta base: 5.3VulDB Puntuación meta temporal: 5.2
VulDB Puntuación base: 4.3
VulDB Puntuación temporal: 4.1
VulDB Vector: 🔍
VulDB Confiabilidad: 🔍
CNA Puntuación base: 6.3
CNA Vector (Wordfence): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complejidad | Autenticación | Confidencialidad | Integridad | Disponibilidad |
|---|---|---|---|---|---|
| Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear |
| Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear |
| Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear | Desbloquear |
VulDB Puntuación base: 🔍
VulDB Puntuación temporal: 🔍
VulDB Confiabilidad: 🔍
Explotación
Clase: Falsificación de solicitudes en sitios cruzadosCWE: CWE-352 / CWE-862 / CWE-863
CAPEC: 🔍
ATT&CK: 🔍
Físico: No
Local: No
Remoto: Sí
Disponibilidad: 🔍
Estado: No está definido
EPSS Score: 🔍
EPSS Percentile: 🔍
Predicción de precios: 🔍
Estimación del precio actual: 🔍
| 0-Day | Desbloquear | Desbloquear | Desbloquear | Desbloquear |
|---|---|---|---|---|
| Hoy | Desbloquear | Desbloquear | Desbloquear | Desbloquear |
Inteligencia de amenazas
Interés: 🔍Actores activos: 🔍
Grupos APT activos: 🔍
Contramedidas
Recomendación: ActualizaciónEstado: 🔍
Hora de 0 días: 🔍
Actualización: Freemius SDK 2.0.2
Línea de tiempo
2024-10-15 🔍2024-10-16 🔍
2024-10-16 🔍
2025-03-05 🔍
Fuentes
Aviso: wordfence.comEstado: Confirmado
CVE: CVE-2022-4974 (🔍)
GCVE (CVE): GCVE-0-2022-4974
GCVE (VulDB): GCVE-100-280595
Artículo
Fecha de creación: 2024-10-16 10:22Actualizado: 2025-03-05 09:02
Cambios: 2024-10-16 10:22 (66), 2025-03-05 09:02 (3)
Completo: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Sin comentarios aún. Idiomas: es + pt + en.
Por favor, inicie sesión para comentar.