They rolled out an update (v5.4.4) which states the following in the Changelog:
Updated – Freemius SDK
Fixed – Security fix
But iThemes Security is still stating the following for this version:
“Unauthorised AJAX Calls via Freemius”
Can we confirm that version 5.4.4 has the vulnerability patched?
I love when things work out the way they are supposed to. This is what a community like this is all about….
@miguelrzdesign17
But iThemes Security is still stating the following for this version:
“Unauthorised AJAX Calls via Freemius”
Can we confirm that version 5.4.4 has the vulnerability patched?
Yes, a lot of plugins and themes have been affected due to this issue as reported on the below page.
https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a
The issue is fixed in the latest released plugin version 5.4.4 so please make sure that you are using the latest version of the plugin.
Also, it seems it is taking some time to update the iThemes Security database, so it is still displaying the issue, but you can contact iThemes Security directly to learn more about it.
Vinod, you’re 100% on this? I don’t mean to doubt you but these alerts still coming in from iThemes AND Malcare are distressing. Along with PatchStack, these are three very well respected security services that are constantly monitoring things. I’ve gotten alerts today from the first two stating that this plugin is still vulnerable.
@patrickhealy Please make sure that you are using the latest version of the plugin.
I visited their websites below but didn’t see any open issues related to the plugin.
https://ithemes.com/blog/category/wordpress-security/
https://patchstack.com/database/vulnerability/add-search-to-menu
If you need more support then could you please contact me using the below form?
https://ivorysearch.com/contact/