cleantalk
Vulnerabilities and Security Researches

WP Frontend Profile, 6d8910c719b2a132ec93828cd37e418b19cac960

CVE, Research URL

6d8910c719b2a132ec93828cd37e418b19cac960

Home page URL

Security reports for WP Frontend Profile

Application

WP Frontend Profile

Published on
Mar 04, 2022
Research Description
WP Frontend Profile [wp-front-end-profile] < 1.2.5 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 1.2.5.
Status
vulnerable
Previous vulnerability researches
WooCommerce Eway Gateway (25c033c851a6b18ed72fdc96796538b28f1b80c8) , Jun 16, 2026
WooCommerce Eway Gateway (7c85d88d9dc2379ea67793743b81c512dfec2ccf) , Jun 07, 2024
New vulnerability
Slider, Gallery, and Carousel by MetaSlider &#8211; Responsive WordPress Slideshows (47cffe4183ad23100c37289a218fe346e5af7c86) , Jun 16, 2026
Slider, Gallery, and Carousel by MetaSlider &#8211; Responsive WordPress Slideshows (e899f0cb8405cfd436770c7b0952476c4154b99c) , Jun 16, 2026
Slider, Gallery, and Carousel by MetaSlider &#8211; Responsive WordPress Slideshows (e6ff536041721a15fb67c2a2aa79733b7dc4814a) , Jun 16, 2026
Slider, Gallery, and Carousel by MetaSlider &#8211; Responsive WordPress Slideshows (49240f72da5449e0485de70c9e41a1181f2df412) , Jun 16, 2026
Slider, Gallery, and Carousel by MetaSlider &#8211; Responsive WordPress Slideshows (db37be5c6273b7fbca2994a50a5bae946ab9debc) , Jun 16, 2026