WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by mirphak (Patchstack Alliance) in WordPress CalderaWP License Manager plugin (versions <= 1.2.11).

Solution

Deactivate and delete. The plugin is closed and no more maintained.