Freemius recently notified us, as one of their customers, of a potential SDK security vulnerability. They went to work on the issue immediately and asked developers to do the same. The issue was quickly resolved on their side and ours, and our latest update will ensure that your site won’t be at risk. We must commend Vova and the Freemius team for how they handled the situation and how quickly they got to the bottom of it.
We are not releasing any more detailed information about this vulnerability just yet, in line with responsible disclosure best practices. This will give all our customers (and other developers) a fair chance to update and, at the same time, avoid leaking information to potential threats.
Freemius has released some information in this blog post, should you want to read more about the security vulnerability.
What should you do?
All you need to do to secure your site is to update FooBox and FooGallery. Updates are available for Free and PRO versions of both plugins. You can update by accessing the plugins from your Plugin page in your WordPress dashboard.
If you are running FooBox version 22.214.171.124 or lower, then you are safe and do not need to do anything, as older versions of the plugin do not contain the Freemius SDK. If you are running any version of FooGallery or FooBox PRO after version 126.96.36.199, then you should update immediately.
Updates for Expired Licenses
If you have an expired PRO license for either FooGallery or FooBox, we are offering free updates to ensure you are kept safe. This won’t be an automatic update, however, and you will need to contact us directly. You can simply email firstname.lastname@example.org or contact us. This is another reason why you should renew your license key, so that you get important updates as quickly as possible.
We do apologise for any inconvenience caused. Please know that we take your security very seriously and should you have any queries or concerns, feel free to contact us.