Unauthorised AJAX Calls via Freemius

  • Resolved realadulting101

    (@realadulting101)


    3 years ago

    Hi there,
    i got this email from my host notifying me that your plugin has a security issue. are you able to fix this? it says this:
    “The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.”
    Please let me know if this can be fixed. thank you so much

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • webgiraudi

    (@webgiraudi)

    Hello,
    same problem found on my website.
    iTheme security reported Unauthorised AJAX Calls via Freemius with User Menus – Nav Menu Visibility v1.2.8

    Thank you in advance for your help.

    Plugin Author Daniel Iser

    (@danieliser)

    @webgiraudi, @realadulting101 – This was patched last night. Please update to the latest version. Hope that helps.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Unauthorised AJAX Calls via Freemius’ is closed to new replies.