Freemius SDK до 2.0.1 на WordPress _get_debug_log/_get_db_option/_set_db_option подделка межсайтовых запросов

CVSS Meta Temp ScoreТекущая цена эксплойта (≈)Балл интереса CTI
5.2$0-$5k0.00

СводкаИнформация

Уязвимость была найдена в Freemius SDK до 2.0.1. Она была оценена как проблематичный. Вовлечена неизвестная функция. Манипуляция приводит к подделка межсайтовых запросов. Эта уязвимость обозначается как CVE-2022-4974. Атака может быть осуществлена удаленно. Эксплойт отсутствует. Рекомендуется обновить затронутый компонент.

ПодробностиИнформация

Уязвимость была найдена в Freemius SDK до 2.0.1. Она была оценена как проблематичный. Вовлечена неизвестная функция. Манипуляция приводит к подделка межсайтовых запросов. Использование CWE для описания проблемы приводит к CWE-352. Слабость была опубликована. Консультация доступна для загрузки на wordfence.com.

Эта уязвимость обозначается как CVE-2022-4974. Назначение CVE произошло 15.10.2024. Атака может быть осуществлена удаленно. Имеются технические подробности. Популярность этой уязвимости ниже среднего. Эксплойт отсутствует. В настоящее время текущая цена эксплойта может составлять примерно USD $0-$5k.

Объявляется Не определено.

Обновление до 2.0.2 может устранить эту уязвимость. Рекомендуется обновить затронутый компонент.

Затронуто

  • YASR – Yet Another Star Rating Plugin for WordPress
  • Events Addon for Elementor
  • Fraud Prevention For WooCommerce and EDD
  • Gutenberg Blocks – ACF Blocks Suite
  • Ultimeter
  • Past Events Extension
  • Pootle Pagebuilder – WordPress Page builder
  • Local Delivery Drivers for WooCommerce
  • Ultimate Gutenberg – Custom Block Templates
  • WP Required Taxonomies – Categories and Tags Mandatory
  • Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)
  • SSL Certificate – Free SSL, HTTPS by SSL Zen
  • Streak CRM For Gmail For Contact Form 7 – WordPress Plugin
  • WordPress Dev Powers – ACF Color Coded Field Types Plugin
  • DancePress (TRWA)
  • Product Size Charts Plugin for WooCommerce
  • Wp My Admin Bar
  • A no-code page builder for beautiful performance-based content
  • LocalSEOMap
  • Easy Prayer
  • AdFoxly – Ad Manager, AdSense Ads & Ads.txt
  • WP Get Personal
  • Checkout with Cash App on EDD
  • Server Info
  • Custom WooCommerce Checkout Fields Editor
  • KRSP Frontend File Uploader
  • Panorama Viewer- Best Plugin to Display Panoramic Images/Videos
  • Bulk Attachment Download
  • AutoSave Net
  • Premmerce Wholesale Pricing for WooCommerce
  • Any Popup – Popup Forms, Optins & Ads
  • Checkout with Venmo on EDD
  • Payment gateway per Product for WooCommerce
  • HQTheme Extra
  • Vit Website Reviews
  • WooCommerce EU VAT Assistant
  • WordPress Slider Block Gutenslider
  • HuCommerce | Magyar WooCommerce kiegészítések
  • KVoucher
  • Video Player for YouTube
  • Error Log Monitor
  • SlideDeck: Responsive WordPress Slider Plugin
  • Premmerce Multi-currency for Woocommerce
  • Booking Addon for WooCommerce
  • WP Event Partners – WordPress Plugin for Event and Conference Management
  • WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin
  • Add Expires Headers & Optimized Minify
  • ForceField
  • FIT: Featured Image Toolkit
  • All in One Invite Codes
  • Dynamic Pricing and Discount Rules for WooCommerce
  • Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
  • Grid & Styler For Contact Form 7 And Divi
  • Protect Uploads with Login – Protect Your Uploads
  • Atlas – Knowledge Base
  • Simple Sitemap – Create a Responsive HTML Sitemap
  • Super Video Player- Best WordPress Video Display Plugin for mp4/OGG
  • WordPress Books Gallery
  • FiboSearch – Ajax Search for WooCommerce
  • Tag Groups is the Advanced Way to Display Your Taxonomy Terms
  • WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
  • ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers
  • ConsultPress Lite
  • Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7
  • StreamWeasels Twitch Integration
  • Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test
  • Zip Code Redirect
  • Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form
  • CF7 Constant Contact Fields Mapping
  • Booking Calendar | Appointment Booking | Bookit
  • EthereumICO
  • RT Easy Builder – Advanced addons for Elementor
  • WP Contact Slider
  • Country Based Payments for WooCommerce
  • Filr – Secure document library
  • Elasta
  • MapGeo – Interactive Geo Maps
  • WordPress Animation Plugin – Animated Everything
  • WP Notification Bell
  • Activity Log For MainWP
  • Connected Sermons
  • Bulk Edit and Create User Profiles – WP Sheet Editor
  • Кнопка ЮMoney
  • Bulk WooCommerce Category Creator
  • Easy Math Captcha for CF7
  • Master Accordion ( Former WP Awesome FAQ Plugin )
  • Better Elementor Addons
  • Elementor Addons by Livemesh
  • Place Order Without Payment for WooCommerce
  • STEWoo – Super Transactional Emails for WooCommerce
  • DeMomentSomTres Address
  • Out of stock display for woocommerce
  • Ultimate Blocks – WordPress Blocks Plugin
  • Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)
  • WP Radio – Worldwide Online Radio Stations Directory for WordPress
  • BookPress – For Book Authors
  • Qyrr – simply and modern QR-Code creation
  • WordPress Directory Plugin For Business Listings – WP Local Plus
  • Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
  • Funnelmentals
  • Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
  • Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
  • Product Carousel For WooCommerce – WoorouSell
  • WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings
  • GFireM Fields
  • Coupon Affiliates – Affiliate Plugin for WooCommerce
  • WP Post Block
  • LMS Plugin – eLearning, Online Courses by Attest
  • Frontend Admin by DynamiApps
  • Simple Giveaways – Grow your business, email lists and traffic with contests
  • WPTools Masonry Gallery & Posts For Divi
  • GFireM Action After
  • Woo Ukrposhta
  • annasta Woocommerce Product Filters
  • WP Lead Stream
  • The Events Calendar
  • Focus on Reviews for WooCommerce
  • Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)
  • Block Styler For Gravity Forms
  • WP Page Templates
  • Product Customer List for WooCommerce
  • WP Moose
  • Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
  • Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL
  • South Pole: Climate action now
  • LittleBot Invoices
  • Genealogical Tree – WordPress Family Tree
  • Automatic YouTube Gallery
  • Thank You Page for WooCommerce
  • Marijuana Age Verify
  • WooCommerce upcoming Products
  • Frontend Admin – Add and edit posts, pages, users and more all from the frontend
  • SV Tracking Manager
  • WP EasyPay – Square for WordPress
  • WordPress SEO Checklist
  • wGauge – Free Version
  • Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
  • Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
  • WP Tools Divi Product Carousel
  • Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
  • Social Gallery Lite
  • Stackable – Page Builder Gutenberg Blocks
  • Five-Star Ratings Shortcode
  • CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
  • Premmerce Wishlist for WooCommerce
  • Salon Booking System
  • Surbma | GDPR Proof Cookie Consent & Notice Bar
  • Advance Menu Manager
  • Live TV Player – Worldwide Live TV Channels Player for WordPress
  • Market Exporter
  • WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
  • TK Google Fonts GDPR Compliant
  • Starfish Review Generation & Marketing for WordPress
  • WP Emaily
  • Education Addon for Elementor
  • SV Proven Expert
  • SurveyFunnel – Survey Plugin for WordPress
  • Advanced Classifieds & Directory Pro
  • Music Player for Elementor – Audio Player & Podcast Player
  • Cryptocurrency Product for WooCommerce
  • WooCommerce Next Order Coupon
  • Overlay Image Divi Module
  • Email Header Footer
  • Document Viewer- Plugin to Display MS Office Docs
  • Price Bands for WooCommerce
  • Elementor Addon Elements
  • Smart Variations Images & Swatches for WooCommerce
  • Featured Images in RSS for Mailchimp & More
  • Simple Sponsorships
  • Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
  • Joli Table Of Contents
  • Sparrow: Product Reviews and Ratings for WooCommerce
  • Multi Page Auto Advance for Gravity Forms
  • Generate Images – Magic Post Thumbnail
  • Live Scores for SportsPress
  • Hide Shipping Method For WooCommerce
  • Ultimate Carousel For Divi
  • WP Meta and Date Remover
  • Image Carousel For Divi
  • Comments Not Replied To
  • Contact Form 7 – Capsule CRM – Integration
  • Opensea
  • WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.
  • Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
  • Modern Addons for Elementor Page Builder
  • Viralike
  • WordPress Dev Powers – Element Selector jQuery Powers Plugin
  • WP Munich Blocks – Gutenberg Blocks for WordPress
  • Availability datepicker – Integrate with Contact Form 7 and Divi
  • Footer Plugin for Divi
  • Accept Stripe Donation and Payments – AidWP
  • New User Approve
  • GFireM Advance Search
  • WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…
  • Shared Files – Frontend File Upload Form & Secure File Sharing
  • WPBITS Addons For Elementor Page Builder
  • Speculor
  • WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
  • WordPress Everse Starter Sites – Elementor Templates
  • Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
  • Choice Payment Gateway for WooCommerce
  • Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)
  • Order and Inventory Manager for WooCommerce
  • Ninja Libs Amazon SES
  • Delete All Comments of wordpress
  • WP-Cron Status Checker
  • CodeKit – Custom Codes Editor
  • FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
  • Change Price Title for WooCommerce
  • WordPress Gallery Plugin – Edge Photo Gallery
  • Glorious Services & Support
  • Easy Newsletter Signups
  • Announcement & Notification Banner – Bulletin
  • Advanced Database Replacer
  • Multisite Robots.txt Manager
  • Simple Social Page Widget & Shortcode
  • WooCommerce Country Catalogs – Product Country Restrictions
  • Front End PM
  • Ultimate Divi Modules Suite – Divi Sumo Lite
  • XT Points & Rewards for WooCommerce
  • Widgets for WooCommerce Products on Elementor
  • Delivery for WooCommerce
  • WP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email
  • Security Ninja – Secure Firewall & Secure Malware Scanner
  • TinyMCE Annotate
  • Justified Gallery
  • Book BuyBack Prices
  • Fuse Social Floating Sidebar
  • WP-HR Manager: The Human Resources Plugin for WordPress
  • Emails Blacklist for Everest Forms
  • All-in-One Video Gallery
  • Woo Admin Product Notes
  • Remove Add to Cart WooCommerce
  • Checkout with Zelle on Woocommerce
  • WP Tools Gravity Forms Divi Module
  • Everse
  • Run time Image resizing
  • Rest Routes – Custom Endpoints

ПродуктИнформация

Тип

Имя

Версия

CPE 2.3Информация

CPE 2.2Информация

CVSSv4Информация

VulDB Вектор: 🔍
VulDB Надёжность: 🔍

CVSSv3Информация

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.2

VulDB Базовый балл: 4.3
VulDB Временная оценка: 4.1
VulDB Вектор: 🔍
VulDB Надёжность: 🔍

CNA Базовый балл: 6.3
CNA Вектор (Wordfence): 🔍

CVSSv2Информация

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
ВекторСложностьАутентификацияКонфиденциальностьЦелостностьДоступность
РазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокировать
РазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокировать
РазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокироватьРазблокировать

VulDB Базовый балл: 🔍
VulDB Временная оценка: 🔍
VulDB Надёжность: 🔍

ЭксплуатацияИнформация

Класс: подделка межсайтовых запросов
CWE: CWE-352 / CWE-862 / CWE-863
CAPEC: 🔍
ATT&CK: 🔍

Физический: Нет
Локальный: Нет
Удалённый: Да

Доступность: 🔍
Статус: Не определено

EPSS Score: 🔍
EPSS Percentile: 🔍

Прогноз цен: 🔍
Оценка текущей цены: 🔍

0-DayРазблокироватьРазблокироватьРазблокироватьРазблокировать
СегодняРазблокироватьРазблокироватьРазблокироватьРазблокировать

Разведка угрозИнформация

Интерес: 🔍
Активные акторы: 🔍
Активные группы APT: 🔍

КонтрмерыИнформация

Рекомендация: Обновление
Статус: 🔍

0-дневное время: 🔍

Обновление: Freemius SDK 2.0.2

ХронологияИнформация

15.10.2024 🔍
16.10.2024 +1 дни 🔍
16.10.2024 +0 дни 🔍
05.03.2025 +140 дни 🔍

ИсточникиИнформация

Консультация: wordfence.com
Статус: Подтверждённый

CVE: CVE-2022-4974 (🔍)
GCVE (CVE): GCVE-0-2022-4974
GCVE (VulDB): GCVE-100-280595

ВходИнформация

Создано: 16.10.2024 10:22
Обновлено: 05.03.2025 09:02
Изменения: 16.10.2024 10:22 (66), 05.03.2025 09:02 (3)
Завершенный: 🔍
Cache ID: 216::103

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Обсуждение

Комментариев пока нет. Языки: ru + be + en.

Пожалуйста, войдите в систему, чтобы прокомментировать.

ПредыдущийОбзорДалее

Interested in the pricing of exploits?

See the underground prices here!