Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by mirphak (Patchstack Alliance) in WordPress CalderaWP License Manager plugin (versions <= 1.2.11).
Deactivate and delete. The plugin is closed and no more maintained.