security vulnerability

  • Resolved yuehlia

    (@yuehlia)


    1 year, 3 months ago

    Hello there,

    Wordfence reported that this plugin has vulnerability issue that needs fixing. Can you please update.

    Details:
    Description:
    The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

    Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    CVSS: VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    CVE: CVE-2023-33999
    CVSS: 6.1 (Medium)
    Publicly Published: July 18, 2023
    Last Updated: August 8, 2023
    Researcher: Rafie Muhammad – Patchstack

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘security vulnerability’ is closed to new replies.

Tags