Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Summary

CVE: CVE-2024-13362
State: PUBLISHED
Assigner: Wordfence
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-05-01 06:16:30 UTC
Updated: 2026-05-01 06:16:30 UTC
Description: Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Risk And Classification

Primary CVSS: v3.1 6.1 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem Types: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


Version Source Type Score Severity Vector
3.1 [email protected] Primary 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1 CNA DECLARED 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Sebet Go Fetch Jobs For WP Job Manager affected 1.8.4.8.1 semver Not specified
CNA 5starplugins Dynamic Copyright Year affected 1.0.4 semver Not specified
CNA Peterschulznl Code Manager affected 1.0.40 semver Not specified
CNA Bplugins Advanced Scrollbar Custom Scrollbar Styling And Behavior affected 1.1.3 semver Not specified
CNA Yuvalo Goal Tracker Custom Event Tracking For GA4 affected 1.1.5 semver Not specified
CNA Essekia Tablesome Table Contact Form DB WPForms CF7 Gravity Forminator Fluent affected 1.1.13 semver Not specified
CNA Josevega WP Page Templates affected 1.1.16 semver Not specified
CNA Hkdigitalagency Payment Gateway For ACBA BANK affected 1.2.6 semver Not specified
CNA Princeahmed Dracula Dark Mode Accessibility Reading Mode Dark Mode For WordPress affected 1.2.7 semver Not specified
CNA Spiderdevs Forumax AI Powered Advanced Community Forum Plugin affected 1.2.7 semver Not specified
CNA Seezee Five-Star Ratings Shortcode affected 1.2.56 semver Not specified
CNA Oxilab Product Layouts For WooCommerce affected 1.3.1 semver Not specified
CNA Mr2p Meta Field Block Display Custom Fields In The Block Editor Without Coding affected 1.3.3 semver Not specified
CNA Themelocation Custom WooCommerce Checkout Fields Editor affected 1.3.4 semver Not specified
CNA 100plugins Open User Map affected 1.4.0 semver Not specified
CNA Wpdever WP Notification Bell affected 1.4.2 semver Not specified
CNA Themelocation Remove Add To Cart WooCommerce affected 1.4.7 semver Not specified
CNA Princeahmed File Manager For Google Drive Integrate Google Drive affected 1.4.9 semver Not specified
CNA 5starplugins Marijuana Age Verify affected 1.5.5 semver Not specified
CNA Infosatech RevivePress Keep Your Old Content Evergreen affected 1.5.8 semver Not specified
CNA Nicheaddons Restaurant Cafe Addon For Elementor affected 1.5.8 semver Not specified
CNA Paretodigital Send Users Email Email Subscribers Email Marketing Newsletter affected 1.5.10 semver Not specified
CNA Unitecms Unlimited Elements For Elementor affected 1.5.140 semver Not specified
CNA Meowcrew Role Based Pricing For Woo By Meow Crew affected 1.6.0 semver Not specified
CNA Nicheaddons Primary Addon For Elementor affected 1.6.0 semver Not specified
CNA 5starplugins Featured Images In RSS For Mailchimp More affected 1.6.3 semver Not specified
CNA Wpsaad Image Alt Text Manager Bulk Dynamic Alt Tags For Image SEO Optimization AI affected 1.6.3 semver Not specified
CNA Kofimokome Message Filter For Contact Form 7 affected 1.6.3.2 semver Not specified
CNA Paretodigital Embedder For Google Reviews affected 1.6.6 semver Not specified
CNA Interactivegeomaps MapGeo Interactive Geo Maps affected 1.6.22 semver Not specified
CNA Wpbits WPBITS Addons For Elementor Page Builder affected 1.7 semver Not specified
CNA Toddhalfpenny Widgets On Pages affected 1.7 semver Not specified
CNA Rebelcode Spotlight Social Feeds Block Shortcode And Widget affected 1.7.0 semver Not specified
CNA Tobias Conrad WOW Styler For CF7 Visual Styler For Contact Form 7 Forms affected 1.7.0 semver Not specified
CNA Webfactory AI Bud AI Content Generator AI Chatbot ChatGPT Gemini GPT-4o affected 1.7.2 semver Not specified
CNA Hasanazizul Text To Speech TTS Accessibility affected 1.7.34 semver Not specified
CNA 5starplugins Easy Age Verify affected 1.8.5 semver Not specified
CNA Senols AI Puffer Chat. Create. Automate. Formerly AI Power affected 1.8.99 semver Not specified
CNA Damian-gora Justified Gallery affected 1.9.0 semver Not specified
CNA Mapster Mapster WP Maps affected 1.9.0 semver Not specified
CNA Streamweasels StreamWeasels Twitch Integration affected 1.9.2 semver Not specified
CNA Xplodedthemes XT Variation Swatches For WooCommerce affected 1.9.4 semver Not specified
CNA Bplugins BBlocks Essential Gutenberg Blocks Patterns Collection affected 1.9.8 semver Not specified
CNA Kaizencoders URL Shortify Simple And Easy URL Shortener affected 1.10.4 semver Not specified
CNA Uriahs-victor Kikote Location Picker At Checkout Google Address AutoFill Plugin For WooCommerce affected 1.10.6 semver Not specified
CNA Cyberhobo Geo Mashup affected 1.13.15 semver Not specified
CNA Josevega Disable Payment Methods Based On Cart Conditions For WooCommerce affected 1.16.3 semver Not specified
CNA Pagup Automatic Internal Links For SEO By Pagup affected 2.0.0 semver Not specified
CNA Enweby Full Screen Background affected 2.0.2 semver Not specified
CNA Litonice13 Master Addons For Elementor Widgets Extensions Theme Builder Popup Builder Template Kits affected 2.0.7.2 semver Not specified
CNA Princeahmed Radio Player Live Shoutcast Icecast And Any Audio Stream Player affected 2.0.82 semver Not specified
CNA Spicethemes Carousel Recent Post Slider And Banner Slider affected 2.1 semver Not specified
CNA Pagup Bulk Auto Image Alt Text Alt Tag Alt Attribute Optimizer Image SEO affected 2.1.0 semver Not specified
CNA Xplodedthemes XT Quick View For WooCommerce affected 2.1.5 semver Not specified
CNA Pluginscafe Smart Phone Field For Gravity Forms affected 2.1.6 semver Not specified
CNA Fooplugins Notification Bar Announcement And Cookie Notice WordPress Plugin FooBar affected 2.1.34 semver Not specified
CNA Bplugins PDF Poster Display PDF Files With Custom Viewer affected 2.2.0 semver Not specified
CNA Nicheaddons Events Addon For Elementor affected 2.2.2 semver Not specified
CNA Bplugins HTML5 Audio Player The Ultimate No-Code Podcast MP3 Audio Player affected 2.2.27 semver Not specified
CNA Mte90 Glossary affected 2.2.38 semver Not specified
CNA Tickera Restrict Membership Site Content And User Access Restrictions For WordPress affected 2.3.0 semver Not specified
CNA Cyclonecode Custom PHP Settings affected 2.3.1 semver Not specified
CNA Prasadkirpekar WP Meta And Date Remover affected 2.3.4 semver Not specified
CNA Fullworks Anti-Spam Protection No API Key GDPR Friendly affected 2.3.7 semver Not specified
CNA Premmerce Premmerce Permalink Manager For WooCommerce affected 2.3.11 semver Not specified
CNA Smartwpress Music Player For Elementor Audio Player Podcast Player affected 2.4.1 semver Not specified
CNA Mhmrajib TopNewsWp Display Tikcer News RSS Feed Widget And Many More affected 2.4.1 semver Not specified
CNA Oceanwp Ocean Extra affected 2.4.2 semver Not specified
CNA Fooplugins Gallery By FooGallery affected 2.4.27 semver Not specified
CNA Plugins360 Automatic YouTube Gallery affected 2.5.5 semver Not specified
CNA Spiderdevs EazyDocs AI Powered Knowledge Base Wiki Documentation FAQ Builder affected 2.5.7 semver Not specified
CNA Samdani Team Members A WordPress Team Plugin With Gallery Grid Carousel Slider Table List And More affected 2.5.8 semver Not specified
CNA Tonyzeoli Radio Station By Netmix Manage And Play Your Show Schedule In WordPress! affected 2.5.9 semver Not specified
CNA Kaira StoreCustomizer A Plugin To Customize All WooCommerce Pages affected 2.5.9 semver Not specified
CNA Wpjoli Joli Table Of Contents affected 2.6.0 semver Not specified
CNA Passionatebrains GA4WP Analytics Dashboard For The Website affected 2.6.0 semver Not specified
CNA Nitin247 Place Order Without Payment For WooCommerce affected 2.6.5 semver Not specified
CNA Wordplus Better Messages Live Chat Chat Rooms Real-Time Messaging Private Messages affected 2.6.7 semver Not specified
CNA Mihail-barinov Share This Image affected 2.07 semver Not specified
CNA Inavii Inavii Social Feed affected 2.7.0 semver Not specified
CNA Fooplugins Lightbox Modal Popup WordPress Plugin FooBox affected 2.7.33 semver Not specified
CNA Xplodedthemes XT Floating Cart For WooCommerce affected 2.8.4 semver Not specified
CNA Takanakui WP Mobile Menu The Mobile-Friendly Responsive Menu affected 2.8.6 semver Not specified
CNA Passionatebrains AEH Speed Optimization Browser Cache Optimized Minify Lazy Loading Image Optimization affected 2.9.2 semver Not specified
CNA Bensibley Independent Analytics affected 2.9.7 semver Not specified
CNA Codesavory Knowledge Base Documentation Wiki Plugin BasePress Docs affected 2.16.3.3 semver Not specified
CNA Davidanderson Internal Link Juicer SEO Auto Linker For WordPress affected 2.24.6 semver Not specified
CNA Josevega Bulk Edit Posts And Products In Spreadsheet affected 2.25.16 semver Not specified
CNA Saadiqbal Post SMTP Complete Email Deliverability And SMTP Solution With Email Logs Alerts Backup SMTP Mobile App affected 3.0.0 semver Not specified
CNA Tobiasbg TablePress Tables In WordPress Made Easy affected 3.0.2 semver Not specified
CNA Bouncingsprout Ultimeter affected 3.0.5 semver Not specified
CNA Blackandwhitedigital TreePress Easy Family Trees Ancestor Profiles affected 3.0.6 semver Not specified
CNA Mattpramschufer Pay For Post With WooCommerce affected 3.1.26 semver Not specified
CNA Koen12344 Post To Google My Business Google Business Profile affected 3.1.28 semver Not specified
CNA Imtiazrayhan WP Coupons And Deals Coupon Plugin For Affiliate Marketers affected 3.2.2 semver Not specified
CNA Pluginsware Advanced Classifieds Directory Pro affected 3.2.4 semver Not specified
CNA Gallerycreator Mixed Media Gallery Blocks affected 3.2.4.4 semver Not specified
CNA Blockspare BlockSpare News Magazine And Blog Addons For Gutenberg Block Editor affected 3.2.6 semver Not specified
CNA Mhmrajib AidWP Donation Payment Forms Stripe Powered affected 3.2.6 semver Not specified
CNA Infornweb Logo Showcase Responsive Logo Carousel Logo Slider Logo Grid affected 3.2.7 semver Not specified
CNA Pluginandplay Post Slider And Post Carousel With Post Vertical Scrolling Widget A Responsive Post Slider affected 3.2.7 semver Not specified
CNA Samdani Solid Testimonials Testimonial Slider Video Testimonials Customer Reviews affected 3.2.8 semver Not specified
CNA Wpspeedo Team Members Showcase affected 3.3.0 semver Not specified
CNA Elespare EleSpare News Magazine And Blog Addons For Elementor affected 3.3.2 semver Not specified
CNA Infornweb Post List Designer Category Post Recent Post Post List affected 3.3.7 semver Not specified
CNA Infornweb Blog Designer Pack Blog Post Grid Post Slider Post Carousel Category Post News affected 3.4.9 semver Not specified
CNA Dashlabsltd YASR Yet Another Star Rating Plugin For WordPress affected 3.4.12 semver Not specified
CNA Xplodedthemes WPIDE File Manager Code Editor affected 3.5.1 semver Not specified
CNA Premmerce Premmerce Product Filter For WooCommerce affected 3.7.3 semver Not specified
CNA Afthemes WP Post Author Author Box Multiple Authors Guest Authors Custom Avatars affected 3.8.3 semver Not specified
CNA Wpmagics Delete Posts Automatically affected 3.9.6 semver Not specified
CNA Takanakui Menu Image Icons Made Easy affected 3.12 semver Not specified
CNA Passionatebrains AWCA The Great Analytics Insights For Your EStore affected 3.12.0 semver Not specified
CNA Mikewire Rocksolid Announcement Notification Banner Bulletin affected 3.12.1 semver Not specified
CNA Nitin247 Thank You Page For WooCommerce affected 4.2.0 semver Not specified
CNA Webheadllc Contact Form 7 Multi-Step Forms affected 4.4.1 semver Not specified
CNA Speedify Auto-Install Free SSL Generate Install Free SSL Certificates affected 4.5.0 semver Not specified
CNA Mhmrajib WP Books Gallery Build Stunning Book Showcases Libraries In Minutes affected 4.6.8 semver Not specified
CNA Webba-agency Easy Appointment Booking Scheduling System Webba Booking Calendar affected 5.0.57 semver Not specified
CNA Invisnet WP Fail2ban Advanced Security affected 5.3.4 semver Not specified
CNA Vinod-dalvi Ivory Search WordPress Search Plugin affected 5.5.8 semver Not specified
CNA Peterschulznl WP Data Access App Builder For Tables Forms Charts Maps Dashboards affected 5.5.31 semver Not specified
CNA Elliotvs Coupon Affiliates Affiliate Plugin For WooCommerce affected 5.17.2 semver Not specified
CNA Cleverplugins Security Ninja WordPress Security Firewall affected 5.222 semver Not specified
CNA Theafricanboss Checkout With Cash App On WooCommerce affected 6.0.2 semver Not specified
CNA Fullworks Display Eventbrite Events affected 6.1.10 semver Not specified
CNA Mohsinoffline Secure Gateway For Authorize.net And WooCommerce By Pledged Plugins affected 6.1.13 semver Not specified
CNA Sjaved Easy Social Feed Social Photos Gallery And Post Feed For WordPress affected 6.6.5 semver Not specified
CNA Gn Themes WP Shortcodes Plugin Shortcodes Ultimate affected 7.3.3 semver Not specified
CNA Gowebsmarty WP Encryption One Click Free SSL Certificate SSL / HTTPS Redirect Security SSL Scan affected 7.7.0 semver Not specified
CNA Tripetto WordPress Form Builder Plugin For Contact Forms Surveys And Quizzes Tripetto affected 8.0.7 semver Not specified

References

Reference Source Link Tags
plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/fre... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/as... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/changeset/3249130 [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/changeset/3229060 [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/word... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricin... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricin... [email protected] plugins.trac.wordpress.org
www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792... [email protected] www.wordfence.com
plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/fre... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pri... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freem... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/fr... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/changeset/3235286 [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/j... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-... [email protected] plugins.trac.wordpress.org
plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing... [email protected] plugins.trac.wordpress.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Asaf Mozes (en)

Additional Advisory Data

Source Time Event
CNA 2026-04-30T17:32:32.000Z Vendor Notified
CNA 2026-04-30T17:17:30.000Z Disclosed