WP Meta and Date Remover, 6dae6dca-7474-4008-9fe5-4c62b9f12d0a

CVE, Research URL: 6dae6dca-7474-4008-9fe5-4c62b9f12d0a
Home page URL: Security reports for WP Meta and Date Remover
Application: WP Meta and Date Remover
Published on: -
Research Description: WP Meta and Date Remover [wp-meta-and-date-remover] < 1.9.6 Unauthorised AJAX Calls via Freemius The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.
Affected versions: max 1.9.6.
Status: vulnerable