Freemius vulnerability | ww.wp.xz.cn

Resolved Ivan van der Tuuk
(@tuukie)

2 years, 10 months ago

https://www.wordfence.com/threat-intel/vulnerabilities/detail/freemius-sdk-259-reflected-cross-site-scripting-via-fs-request-get

Since the plug-in is still based on an unpatched Freemium version I saw no other alternative than temporary disable it. I hope you can come up with a fix soon.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author templateinvaders
(@templateinvaders)

2 years, 10 months ago

Hello @tuukie

Thank you for your concern. However, We would like to clarify that our plugin doesn’t use the Freemius SDK. It seems there may be some confusion as your concern might be applicable to another plugin.

Plugin Author templateinvaders
(@templateinvaders)

2 years, 10 months ago

We wanted to provide additional information to this topic. A certain individual from Indonesia added our plugin to the Wordfence vulnerability report. However, the versions of our plugin reported as affected are from 4 years ago. We haven’t used the Freemius SDK, to which the vulnerability is related, for several years now.

We have reported the issue to Wordfence and hope they will address it soon.

Thread Starter Ivan van der Tuuk
(@tuukie)

2 years, 10 months ago

Thank you for your quick and prompt reply and clarification!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Freemius vulnerability’ is closed to new replies.

4 replies
3 participants
Last reply from: Ivan van der Tuuk
Last activity: 2 years, 10 months ago
Status: resolved