cleantalk
Vulnerabilities and Security Researches

WordPress Directory Plugin For Business Listings – WP Local Plus, 6d8910c719b2a132ec93828cd37e418b19cac960

CVE, Research URL

6d8910c719b2a132ec93828cd37e418b19cac960

Home page URL

Security reports for WordPress Directory Plugin For Business Listings – WP Local Plus

Application

WordPress Directory Plugin For Business Listings – WP Local Plus

Published on
Mar 04, 2022
Research Description
WordPress Directory Plugin For Business Listings &#8211; WP Local Plus [wplocalplus-lite] < 1.4.5 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
Min -, max 1.4.5.
Status
vulnerable
Previous vulnerability researches
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (CVE-2024-11724) , Dec 13, 2024
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (CVE-2024-4869) , Jun 27, 2024
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (CVE-2024-3599) , May 07, 2025
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 07, 2024
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (CVE-2023-23678) , Jun 07, 2024
New vulnerability
Xavin&#039;s List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress &amp; WooCommerce (CVE-2025-0671) , May 08, 2025