Freemius SDK up to 2.0.1 on WordPress _get_debug_log/_get_db_option/_set_db_option cross-site request forgery

CVSS Meta Temp Score: 5.2
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 0.00

Summary

A vulnerability classified as problematic has been found in Freemius SDK up to 2.0.1. Affected by this vulnerability is the function _get_debug_log/_get_db_option/_set_db_option. Manipulation with an unknown input value leads to a cross-site request forgery vulnerability. This vulnerability is identified as CVE-2022-4974. The attack can be launched remotely. No exploit is available. Upgrading the affected component is recommended.

Details

A vulnerability was found in Freemius SDK up to 2.0.1 on WordPress and classified as problematic. This affects the function _get_debug_log/_get_db_option/_set_db_option. Manipulation with an unknown input value leads to a cross-site request forgery vulnerability.

The advisory is available for download at wordfence.com. This vulnerability has been named CVE-2022-4974. Exploitation is considered easy. The attack can be initiated remotely. No form of authentication is required for exploitation. Technical details are known, but no exploit is available.

Upgrading to version 2.0.2 eliminates this vulnerability.

Affected

  • YASR – Yet Another Star Rating Plugin for WordPress
  • Events Addon for Elementor
  • Fraud Prevention For WooCommerce and EDD
  • Gutenberg Blocks – ACF Blocks Suite
  • Ultimeter
  • Past Events Extension
  • Pootle Pagebuilder – WordPress Page builder
  • Local Delivery Drivers for WooCommerce
  • Ultimate Gutenberg – Custom Block Templates
  • WP Required Taxonomies – Categories and Tags Mandatory
  • Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)
  • SSL Certificate – Free SSL, HTTPS by SSL Zen
  • Streak CRM For Gmail For Contact Form 7 – WordPress Plugin
  • WordPress Dev Powers – ACF Color Coded Field Types Plugin
  • DancePress (TRWA)
  • Product Size Charts Plugin for WooCommerce
  • Wp My Admin Bar
  • A no-code page builder for beautiful performance-based content
  • LocalSEOMap
  • Easy Prayer
  • AdFoxly – Ad Manager, AdSense Ads & Ads.txt
  • WP Get Personal
  • Checkout with Cash App on EDD
  • Server Info
  • Custom WooCommerce Checkout Fields Editor
  • KRSP Frontend File Uploader
  • Panorama Viewer- Best Plugin to Display Panoramic Images/Videos
  • Bulk Attachment Download
  • AutoSave Net
  • Premmerce Wholesale Pricing for WooCommerce
  • Any Popup – Popup Forms, Optins & Ads
  • Checkout with Venmo on EDD
  • Payment gateway per Product for WooCommerce
  • HQTheme Extra
  • Vit Website Reviews
  • WooCommerce EU VAT Assistant
  • WordPress Slider Block Gutenslider
  • HuCommerce | Magyar WooCommerce kiegészítések
  • KVoucher
  • Video Player for YouTube
  • Error Log Monitor
  • SlideDeck: Responsive WordPress Slider Plugin
  • Premmerce Multi-currency for Woocommerce
  • Booking Addon for WooCommerce
  • WP Event Partners – WordPress Plugin for Event and Conference Management
  • WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin
  • Add Expires Headers & Optimized Minify
  • ForceField
  • FIT: Featured Image Toolkit
  • All in One Invite Codes
  • Dynamic Pricing and Discount Rules for WooCommerce
  • Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
  • Grid & Styler For Contact Form 7 And Divi
  • Protect Uploads with Login – Protect Your Uploads
  • Atlas – Knowledge Base
  • Simple Sitemap – Create a Responsive HTML Sitemap
  • Super Video Player- Best WordPress Video Display Plugin for mp4/OGG
  • WordPress Books Gallery
  • FiboSearch – Ajax Search for WooCommerce
  • Tag Groups is the Advanced Way to Display Your Taxonomy Terms
  • WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
  • ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers
  • ConsultPress Lite
  • Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7
  • StreamWeasels Twitch Integration
  • Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test
  • Zip Code Redirect
  • Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form
  • CF7 Constant Contact Fields Mapping
  • Booking Calendar | Appointment Booking | Bookit
  • EthereumICO
  • RT Easy Builder – Advanced addons for Elementor
  • WP Contact Slider
  • Country Based Payments for WooCommerce
  • Filr – Secure document library
  • Elasta
  • MapGeo – Interactive Geo Maps
  • WordPress Animation Plugin – Animated Everything
  • WP Notification Bell
  • Activity Log For MainWP
  • Connected Sermons
  • Bulk Edit and Create User Profiles – WP Sheet Editor
  • Кнопка ЮMoney
  • Bulk WooCommerce Category Creator
  • Easy Math Captcha for CF7
  • Master Accordion ( Former WP Awesome FAQ Plugin )
  • Better Elementor Addons
  • Elementor Addons by Livemesh
  • Place Order Without Payment for WooCommerce
  • STEWoo – Super Transactional Emails for WooCommerce
  • DeMomentSomTres Address
  • Out of stock display for woocommerce
  • Ultimate Blocks – WordPress Blocks Plugin
  • Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)
  • WP Radio – Worldwide Online Radio Stations Directory for WordPress
  • BookPress – For Book Authors
  • Qyrr – simply and modern QR-Code creation
  • WordPress Directory Plugin For Business Listings – WP Local Plus
  • Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
  • Funnelmentals
  • Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
  • Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
  • Product Carousel For WooCommerce – WoorouSell
  • WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings
  • GFireM Fields
  • Coupon Affiliates – Affiliate Plugin for WooCommerce
  • WP Post Block
  • LMS Plugin – eLearning, Online Courses by Attest
  • Frontend Admin by DynamiApps
  • Simple Giveaways – Grow your business, email lists and traffic with contests
  • WPTools Masonry Gallery & Posts For Divi
  • GFireM Action After
  • Woo Ukrposhta
  • annasta Woocommerce Product Filters
  • WP Lead Stream
  • The Events Calendar
  • Focus on Reviews for WooCommerce
  • Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)
  • Block Styler For Gravity Forms
  • WP Page Templates
  • Product Customer List for WooCommerce
  • WP Moose
  • Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
  • Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL
  • South Pole: Climate action now
  • LittleBot Invoices
  • Genealogical Tree – WordPress Family Tree
  • Automatic YouTube Gallery
  • Thank You Page for WooCommerce
  • Marijuana Age Verify
  • WooCommerce upcoming Products
  • Frontend Admin – Add and edit posts, pages, users and more all from the frontend
  • SV Tracking Manager
  • WP EasyPay – Square for WordPress
  • WordPress SEO Checklist
  • wGauge – Free Version
  • Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
  • Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
  • WP Tools Divi Product Carousel
  • Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
  • Social Gallery Lite
  • Stackable – Page Builder Gutenberg Blocks
  • Five-Star Ratings Shortcode
  • CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
  • Premmerce Wishlist for WooCommerce
  • Salon Booking System
  • Surbma | GDPR Proof Cookie Consent & Notice Bar
  • Advance Menu Manager
  • Live TV Player – Worldwide Live TV Channels Player for WordPress
  • Market Exporter
  • WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
  • TK Google Fonts GDPR Compliant
  • Starfish Review Generation & Marketing for WordPress
  • WP Emaily
  • Education Addon for Elementor
  • SV Proven Expert
  • SurveyFunnel – Survey Plugin for WordPress
  • Advanced Classifieds & Directory Pro
  • Music Player for Elementor – Audio Player & Podcast Player
  • Cryptocurrency Product for WooCommerce
  • WooCommerce Next Order Coupon
  • Overlay Image Divi Module
  • Email Header Footer
  • Document Viewer- Plugin to Display MS Office Docs
  • Price Bands for WooCommerce
  • Elementor Addon Elements
  • Smart Variations Images & Swatches for WooCommerce
  • Featured Images in RSS for Mailchimp & More
  • Simple Sponsorships
  • Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
  • Joli Table Of Contents
  • Sparrow: Product Reviews and Ratings for WooCommerce
  • Multi Page Auto Advance for Gravity Forms
  • Generate Images – Magic Post Thumbnail
  • Live Scores for SportsPress
  • Hide Shipping Method For WooCommerce
  • Ultimate Carousel For Divi
  • WP Meta and Date Remover
  • Image Carousel For Divi
  • Comments Not Replied To
  • Contact Form 7 – Capsule CRM – Integration
  • Opensea
  • WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.
  • Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
  • Modern Addons for Elementor Page Builder
  • Viralike
  • WordPress Dev Powers – Element Selector jQuery Powers Plugin
  • WP Munich Blocks – Gutenberg Blocks for WordPress
  • Availability datepicker – Integrate with Contact Form 7 and Divi
  • Footer Plugin for Divi
  • Accept Stripe Donation and Payments – AidWP
  • New User Approve
  • GFireM Advance Search
  • WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…
  • Shared Files – Frontend File Upload Form & Secure File Sharing
  • WPBITS Addons For Elementor Page Builder
  • Speculor
  • WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
  • WordPress Everse Starter Sites – Elementor Templates
  • Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
  • Choice Payment Gateway for WooCommerce
  • Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)
  • Order and Inventory Manager for WooCommerce
  • Ninja Libs Amazon SES
  • Delete All Comments of wordpress
  • WP-Cron Status Checker
  • CodeKit – Custom Codes Editor
  • FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
  • Change Price Title for WooCommerce
  • WordPress Gallery Plugin – Edge Photo Gallery
  • Glorious Services & Support
  • Easy Newsletter Signups
  • Announcement & Notification Banner – Bulletin
  • Advanced Database Replacer
  • Multisite Robots.txt Manager
  • Simple Social Page Widget & Shortcode
  • WooCommerce Country Catalogs – Product Country Restrictions
  • Front End PM
  • Ultimate Divi Modules Suite – Divi Sumo Lite
  • XT Points & Rewards for WooCommerce
  • Widgets for WooCommerce Products on Elementor
  • Delivery for WooCommerce
  • WP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email
  • Security Ninja – Secure Firewall & Secure Malware Scanner
  • TinyMCE Annotate
  • Justified Gallery
  • Book BuyBack Prices
  • Fuse Social Floating Sidebar
  • WP-HR Manager: The Human Resources Plugin for WordPress
  • Emails Blacklist for Everest Forms
  • All-in-One Video Gallery
  • Woo Admin Product Notes
  • Remove Add to Cart WooCommerce
  • Checkout with Zelle on Woocommerce
  • WP Tools Gravity Forms Divi Module
  • Everse
  • Run time Image resizing
  • Rest Routes – Custom Endpoints

CVSSv3

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.2

VulDB Base Score: 4.3
VulDB Temp Score: 4.1

CNA Base Score (Wordfence): 6.3

Exploitation

Class: Cross-site request forgery
CWE: CWE-352 / CWE-862 / CWE-863

Physical: No
Local: No
Remote: Yes

Status: Not defined

Countermeasures

Recommended: Upgrade

Upgrade: Freemius SDK 2.0.2

Timeline

15/10/2024
16/10/2024 +1 day
16/10/2024 +0 days
05/03/2025 +140 days

Sources

Advisory: wordfence.com
Status: Confirmed

CVE: CVE-2022-4974
GCVE (CVE): GCVE-0-2022-4974
GCVE (VulDB): GCVE-100-280595

Entry

Created: 16/10/2024 10:22
Updated: 05/03/2025 09:02
Changes: 16/10/2024 10:22 (66), 05/03/2025 09:02 (3)
