cleantalk
Vulnerabilities and Security Researches

WP Meta and Date Remover, 6dae6dca-7474-4008-9fe5-4c62b9f12d0a

CVE, Research URL

6dae6dca-7474-4008-9fe5-4c62b9f12d0a

Home page URL

Security reports for WP Meta and Date Remover

Application

WP Meta and Date Remover

Published on
-
Research Description
WP Meta and Date Remover [wp-meta-and-date-remover] < 1.9.6 Unauthorised AJAX Calls via Freemius The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.
Affected versions
max 1.9.6.
Status
vulnerable
Previous vulnerability researches
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2024-13362) , May 03, 2026
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (067b21bad31febc63c1cd2b3a0a852869e1df9cc) , Jun 06, 2024
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2022-4749) , Jun 06, 2024
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (e7273a52d37b10c428e20c81e144ab0d172f52c8) , Jun 16, 2026
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2024-23502) , Jun 06, 2024
New vulnerability
Companion Auto Update (8f0e42fbcafedfe8c5a1a2e574977b4c09516724) , Jun 16, 2026
Companion Auto Update (7cd2d4dc-1f88-40bb-b32c-c047aeaa7996) , Jun 16, 2026
Companion Auto Update (4ed0f911f8fcd2b401511da7c4879e693fff1d89) , Jun 16, 2026
WordPress Translation plugin for Post, Pages &amp; WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator. (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WordPress Translation plugin for Post, Pages &amp; WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator. (0b128c2a9f79294ec38736ed95077005e1cdb5a2) , Jun 16, 2026