• Hi, I love this plugin, but I'm also getting security issues flagged:

    Unauthorised AJAX Calls via Freemius
    The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.

    If you get a chance to update this, it would really be appreciated.

  • The topic ‘Security Risk?’ is closed to new replies.