cleantalk
Vulnerabilities and Security Researches

Payment Gateway for PayFabric, 6d8910c719b2a132ec93828cd37e418b19cac960

CVE, Research URL

6d8910c719b2a132ec93828cd37e418b19cac960

Home page URL

Security reports for Payment Gateway for PayFabric

Application

Payment Gateway for PayFabric

Published on
Mar 04, 2022
Research Description
Payment Gateway for PayFabric [payment-gateway-payfabric] < 1.0.12 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 1.0.12.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Appy Pie Connect for WooCommerce (CVE-2023-53611) , Jun 16, 2026
Wishlist and Compare for WooCommerce (ad09a648-3c34-4870-b156-097af4fd7a57) , Jun 16, 2026
WPvivid Backup for MainWP (2c3fbbc425bd92d0f969e669e6a4b8564997aa02) , Jun 16, 2026
WPvivid Backup for MainWP (ec00cf2f6a6757dc3371250c1689bf0e482f89f9) , Jun 16, 2026
GoDaddy Email Marketing (721acd71d13186ecf815419489d4f110132c0d3b) , Jun 16, 2026