VDB-280595 · CVE-2022-4974 · GCVE-0-2022-4974

Freemius SDK 直到 2.0.1 于 WordPress _get_debug_log/_get_db_option/_set_db_option 跨网站请求伪造

CVSS 元临时分数	当前攻击价格 (≈)	CTI兴趣分数
5.2	$0-$5k	0.00

摘要信息

在Freemius SDK 直到 2.0.1中已发现了分类为棘手的漏洞。此漏洞会影响功能 _get_debug_log/_get_db_option/_set_db_option。对的操作导致跨网站请求伪造。此漏洞被标识为CVE-2022-4974。攻击可以远程发起，没有可利用漏洞。建议升级受影响的组件。

细节信息

在Freemius SDK 直到 2.0.1中已发现了分类为棘手的漏洞。此漏洞会影响功能 _get_debug_log/_get_db_option/_set_db_option。对的操作导致跨网站请求伪造。使用 CWE 声明该问题会导致 CWE-352。此漏洞的脆弱性所发布。该通告可在 wordfence.com 下载。

此漏洞被标识为CVE-2022-4974。 CVE分配发生在2024-10-15。攻击可以远程发起，有技术细节可用。该漏洞的流行度低于平均水平。没有可利用漏洞。目前，大约为美元 $0-$5k。

如果存在长度，则其被声明为未定义。

升级到版本 2.0.2 可以解决此问题。建议升级受影响的组件。

受影响

YASR – Yet Another Star Rating Plugin for WordPress
Events Addon for Elementor
Fraud Prevention For WooCommerce and EDD
Gutenberg Blocks – ACF Blocks Suite
Ultimeter
Past Events Extension
Pootle Pagebuilder – WordPress Page builder
Local Delivery Drivers for WooCommerce
Ultimate Gutenberg – Custom Block Templates
WP Required Taxonomies – Categories and Tags Mandatory
Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)
SSL Certificate – Free SSL, HTTPS by SSL Zen
Streak CRM For Gmail For Contact Form 7 – WordPress Plugin
WordPress Dev Powers – ACF Color Coded Field Types Plugin
DancePress (TRWA)
Product Size Charts Plugin for WooCommerce
Wp My Admin Bar
A no-code page builder for beautiful performance-based content
LocalSEOMap
Easy Prayer
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
WP Get Personal
Checkout with Cash App on EDD
Server Info
Custom WooCommerce Checkout Fields Editor
KRSP Frontend File Uploader
Panorama Viewer- Best Plugin to Display Panoramic Images/Videos
Bulk Attachment Download
AutoSave Net
Premmerce Wholesale Pricing for WooCommerce
Any Popup – Popup Forms, Optins & Ads
Checkout with Venmo on EDD
Payment gateway per Product for WooCommerce
HQTheme Extra
Vit Website Reviews
WooCommerce EU VAT Assistant
WordPress Slider Block Gutenslider
HuCommerce | Magyar WooCommerce kiegészítések
KVoucher
Video Player for YouTube
Error Log Monitor
SlideDeck: Responsive WordPress Slider Plugin
Premmerce Multi-currency for Woocommerce
Booking Addon for WooCommerce
WP Event Partners – WordPress Plugin for Event and Conference Management
WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin
Add Expires Headers & Optimized Minify
ForceField
FIT: Featured Image Toolkit
All in One Invite Codes
Dynamic Pricing and Discount Rules for WooCommerce
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Grid & Styler For Contact Form 7 And Divi
Protect Uploads with Login – Protect Your Uploads
Atlas – Knowledge Base
Simple Sitemap – Create a Responsive HTML Sitemap
Super Video Player- Best WordPress Video Display Plugin for mp4/OGG
WordPress Books Gallery
FiboSearch – Ajax Search for WooCommerce
Tag Groups is the Advanced Way to Display Your Taxonomy Terms
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers
ConsultPress Lite
Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7
StreamWeasels Twitch Integration
Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test
Zip Code Redirect
Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form
CF7 Constant Contact Fields Mapping
Booking Calendar | Appointment Booking | Bookit
EthereumICO
RT Easy Builder – Advanced addons for Elementor
WP Contact Slider
Country Based Payments for WooCommerce
Filr – Secure document library
Elasta
MapGeo – Interactive Geo Maps
WordPress Animation Plugin – Animated Everything
WP Notification Bell
Activity Log For MainWP
Connected Sermons
Bulk Edit and Create User Profiles – WP Sheet Editor
Кнопка ЮMoney
Bulk WooCommerce Category Creator
Easy Math Captcha for CF7
Master Accordion ( Former WP Awesome FAQ Plugin )
Better Elementor Addons
Elementor Addons by Livemesh
Place Order Without Payment for WooCommerce
STEWoo – Super Transactional Emails for WooCommerce
DeMomentSomTres Address
Out of stock display for woocommerce
Ultimate Blocks – WordPress Blocks Plugin
Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)
WP Radio – Worldwide Online Radio Stations Directory for WordPress
BookPress – For Book Authors
Qyrr – simply and modern QR-Code creation
WordPress Directory Plugin For Business Listings – WP Local Plus
Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
Funnelmentals
Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
Product Carousel For WooCommerce – WoorouSell
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings
GFireM Fields
Coupon Affiliates – Affiliate Plugin for WooCommerce
WP Post Block
LMS Plugin – eLearning, Online Courses by Attest
Frontend Admin by DynamiApps
Simple Giveaways – Grow your business, email lists and traffic with contests
WPTools Masonry Gallery & Posts For Divi
GFireM Action After
Woo Ukrposhta
annasta Woocommerce Product Filters
WP Lead Stream
The Events Calendar
Focus on Reviews for WooCommerce
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)
Block Styler For Gravity Forms
WP Page Templates
Product Customer List for WooCommerce
WP Moose
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL
South Pole: Climate action now
LittleBot Invoices
Genealogical Tree – WordPress Family Tree
Automatic YouTube Gallery
Thank You Page for WooCommerce
Marijuana Age Verify
WooCommerce upcoming Products
Frontend Admin – Add and edit posts, pages, users and more all from the frontend
SV Tracking Manager
WP EasyPay – Square for WordPress
WordPress SEO Checklist
wGauge – Free Version
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
WP Tools Divi Product Carousel
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Social Gallery Lite
Stackable – Page Builder Gutenberg Blocks
Five-Star Ratings Shortcode
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
Premmerce Wishlist for WooCommerce
Salon Booking System
Surbma | GDPR Proof Cookie Consent & Notice Bar
Advance Menu Manager
Live TV Player – Worldwide Live TV Channels Player for WordPress
Market Exporter
WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
TK Google Fonts GDPR Compliant
Starfish Review Generation & Marketing for WordPress
WP Emaily
Education Addon for Elementor
SV Proven Expert
SurveyFunnel – Survey Plugin for WordPress
Advanced Classifieds & Directory Pro
Music Player for Elementor – Audio Player & Podcast Player
Cryptocurrency Product for WooCommerce
WooCommerce Next Order Coupon
Overlay Image Divi Module
Email Header Footer
Document Viewer- Plugin to Display MS Office Docs
Price Bands for WooCommerce
Elementor Addon Elements
Smart Variations Images & Swatches for WooCommerce
Featured Images in RSS for Mailchimp & More
Simple Sponsorships
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Joli Table Of Contents
Sparrow: Product Reviews and Ratings for WooCommerce
Multi Page Auto Advance for Gravity Forms
Generate Images – Magic Post Thumbnail
Live Scores for SportsPress
Hide Shipping Method For WooCommerce
Ultimate Carousel For Divi
WP Meta and Date Remover
Image Carousel For Divi
Comments Not Replied To
Contact Form 7 – Capsule CRM – Integration
Opensea
WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.
Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Modern Addons for Elementor Page Builder
Viralike
WordPress Dev Powers – Element Selector jQuery Powers Plugin
WP Munich Blocks – Gutenberg Blocks for WordPress
Availability datepicker – Integrate with Contact Form 7 and Divi
Footer Plugin for Divi
Accept Stripe Donation and Payments – AidWP
New User Approve
GFireM Advance Search
WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…
Shared Files – Frontend File Upload Form & Secure File Sharing
WPBITS Addons For Elementor Page Builder
Speculor
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
WordPress Everse Starter Sites – Elementor Templates
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Choice Payment Gateway for WooCommerce
Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)
Order and Inventory Manager for WooCommerce
Ninja Libs Amazon SES
Delete All Comments of wordpress
WP-Cron Status Checker
CodeKit – Custom Codes Editor
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Change Price Title for WooCommerce
WordPress Gallery Plugin – Edge Photo Gallery
Glorious Services & Support
Easy Newsletter Signups
Announcement & Notification Banner – Bulletin
Advanced Database Replacer
Multisite Robots.txt Manager
Simple Social Page Widget & Shortcode
WooCommerce Country Catalogs – Product Country Restrictions
Front End PM
Ultimate Divi Modules Suite – Divi Sumo Lite
XT Points & Rewards for WooCommerce
Widgets for WooCommerce Products on Elementor
Delivery for WooCommerce
WP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email
Security Ninja – Secure Firewall & Secure Malware Scanner
TinyMCE Annotate
Justified Gallery
Book BuyBack Prices
Fuse Social Floating Sidebar
WP-HR Manager: The Human Resources Plugin for WordPress
Emails Blacklist for Everest Forms
All-in-One Video Gallery
Woo Admin Product Notes
Remove Add to Cart WooCommerce
Checkout with Zelle on Woocommerce
WP Tools Gravity Forms Divi Module
Everse
Run time Image resizing
Rest Routes – Custom Endpoints

产品信息

类型

WordPress Plugin

名称

Freemius SDK

版本

CPE 2.3信息

CPE 2.2信息

CVSSv4信息

VulDB 向量: 🔍
VulDB 可靠性: 🔍

CVSSv3信息

VulDB 元基础分数: 5.3
VulDB 元临时分数: 5.2

VulDB 基本分数: 4.3
VulDB 临时得分: 4.1
VulDB 向量: 🔍
VulDB 可靠性: 🔍

CNA 基本分数: 6.3
CNA 向量 (Wordfence): 🔍

CVSSv2信息

AV	AC	Au	C	I	A
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳

向量	复杂性	身份验证	保密	完整性	可用性
开锁	开锁	开锁	开锁	开锁	开锁
开锁	开锁	开锁	开锁	开锁	开锁
开锁	开锁	开锁	开锁	开锁	开锁

VulDB 基本分数: 🔍
VulDB 临时得分: 🔍
VulDB 可靠性: 🔍

利用信息

分类: 跨网站请求伪造
CWE: CWE-352 / CWE-862 / CWE-863
CAPEC: 🔍
ATT&CK: 🔍

身体的: 否
本地: 否
远程: 是

可用性: 🔍
状态: 未定义

EPSS Score: 🔍
EPSS Percentile: 🔍

价格预测: 🔍
当前价格估算: 🔍