PT-2024-11911 · Freemius · Freemius Sdk

James Marsland +2 · Published 2024-10-15 · Updated 2024-10-16 · CVE-2022-4974

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Freemius SDK versions up to and including 2.4.2
Freemius SDK versions prior to 2.4.3

Description

The issue concerns Cross-Site Request Forgery and information disclosure due to missing capability checks and nonce protection on the following functions: get debug log, get db option, and set db option.

Recommendations

For Freemius SDK versions up to and including 2.4.2, update to version 2.4.3 or later.
For Freemius SDK versions prior to 2.4.3, update to version 2.4.3 or later.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2022-4974

Affected Products

Freemius Sdk