Auth bypass in 5starplugins Easy Age Verify
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_op…
Vulnerability class: Broken Access Control
EPSS: 0.002 (42.9th percentile).
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- 5starplugins Easy Age Verify — versions 0
- 5starplugins Featured Images In Rss For Mailchimp & More — versions 0
- 5starplugins Marijuana Age Verify — versions 0
- 9brada6 Tabs With Recommended Posts (Widget) — versions 0
- Actuaryzask Azw Woocommerce File Uploads — versions 0
- Aguilerasoft Conversion De Moneda Woocommerce — versions 0
- Aharonyan Guest Posting / Frontend Front Editor – Wp User Submit — versions 0
- Ahmed17 Cf7 Constant Contact Fields Mapping — versions 0
- Ahmed17 Menu Item Scheduler — versions 0
- Ahmed17 Rw Divi Unite Gallery — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86…
- wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a
- freemius.com/blog/managing-security-issues-open-source-freemius-sdk-security-di…
- wpdirectory.net/search/01FWPVWA7BC5DYGZHNSZQ9QMN5
- wpdirectory.net/search/01G02RSGMFS1TPT63FS16RWEYR
- web.archive.org/web/20220225174410/https://www.pluginvulnerabilities.com/2022/0…
Frequently asked questions
- What is CVE-2022-4974?
  CVE-2022-4974 is a medium-severity vulnerability in 5starplugins Easy Age Verify, classified under Missing Authorization. CVSS score: 6.3/10. Published 2024-10-16.
- How severe is CVE-2022-4974?
  Medium severity. CVSS v3 base score is 6.3 out of 10.
- Is CVE-2022-4974 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.