IconicWP, makers of WooCommerce plugins, announced that they are moving from Freemius to WooCommerce. It makes sense as now they can use their own products in their store and checkout. In the announcement they mentioned that the switch provides a more streamlined user experience and enhanced security.

This article addresses the recent supply chain vulnerability in plugins using the Freemius SDK. It also goes in depth to provide information about the process of reporting and the reporting authorities in the WordPress ecosystem.

A serious vulnerability in the Freemius SDK means that hundreds of themes and plugins contain the vulnerability. A fixed version is available for developers to update their plugins and themes that use Freemius.