• Resolved jamisonb

    (@jamisonb)


    Sucuri's server-side scanner is flagging the plugin –

    vulnerable Freemius Library plugin found at ./wp-content/plugins/b-carousel-block/vendor/freemius-lite/start.php – Version: 2.1.3 Please update this plugin immediately: https://freemius.com/blog/freemius-wordpress-sdk-security-vulnerability/

    I’m not sure if this is correct or a false positive, but it is finding this version from the start.php file it listed. ->

    <?php
    $this_sdk_version = '2.1.3';


    Whereas inside the base dir, and the freemius-lite.php file

    if (!class_exists('Freemius_Lite')) {
    class Freemius_Lite
    {
    private const SDK_VERSION = '2.5.12';


    It at least seems that Sucuri is throwing a false positive because of that start file, and it could perhaps be updated to indicate the actual version of that Freemius to avoid any confusion.

    Thanks,
    Jamison

Viewing 1 replies (of 1 total)
  • Plugin Author Charles Cormier

    (@charlescormier)

    Hi @jamisonb,

    Apologies for the version confusion. We’ve updated the plugin and released a new version—please update to the latest version. The version numbers should now match correctly.

    Note: This SDK is different from the Freemius SDK. It’s a separate SDK built on top of Freemius, but it isn’t the same one.

    Thank you!
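
For triaging a finding like the one in this thread, the sketch below lists every SDK version a vendored directory declares and reports when they disagree. It is an added example, not part of the thread, the plugin, or Sucuri's scanner (whose detection logic is not shown here); the function names and the sample file layout are assumptions.

```python
import re
from pathlib import Path

# The two declaration styles quoted in the thread. Straight and typographic
# quotes are both accepted, since PHP pasted through a forum often has the latter.
_Q = "['\"\u2018\u2019]"
_VER = r"(\d+(?:\.\d+)*)"
PATTERNS = {
    "this_sdk_version": re.compile(r"\$this_sdk_version\s*=\s*" + _Q + _VER + _Q),
    "SDK_VERSION": re.compile(r"const\s+SDK_VERSION\s*=\s*" + _Q + _VER + _Q),
}

def load_php_files(root):
    """Read every .php file under root into {relative_path: source}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="replace")
            for p in root.rglob("*.php")}

def declared_versions(files):
    """Return [(path, marker, version)] for each declaration found."""
    return [(path, marker, m.group(1))
            for path, source in sorted(files.items())
            for marker, pattern in PATTERNS.items()
            for m in pattern.finditer(source)]

def version_conflict(files):
    """Return the distinct versions, oldest first, if more than one is declared."""
    versions = {v for _, _, v in declared_versions(files)}
    ordered = sorted(versions, key=lambda v: tuple(int(n) for n in v.split(".")))
    return ordered if len(ordered) > 1 else []

# Constructed sample mirroring the two snippets in the post; placing
# freemius-lite.php next to start.php is an assumption.
SAMPLE = {
    "vendor/freemius-lite/start.php": "<?php\n$this_sdk_version = '2.1.3';\n",
    "vendor/freemius-lite/freemius-lite.php":
        "<?php\nclass Freemius_Lite\n{\nprivate const SDK_VERSION = '2.5.12';\n",
}

if __name__ == "__main__":
    for path, marker, version in declared_versions(SAMPLE):
        print(f"{path}: {marker} = {version}")
    print("conflict:", version_conflict(SAMPLE))
```

To check an installed plugin, pass `load_php_files()` the plugin's directory and feed the result to `version_conflict()`; an empty list means every declaration agrees.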
