3 matches found
CVE-2021-20782
CVE-2021-20782 affects the WordPress plugin Software License Manager prior to version 4.4.6. The issue is a Cross-site Request Forgery (CSRF) vulnerability that could allow remote attackers to hijack administrator authentication via unspecified vectors. The root cause is CSRF in the plugin, with ...
CVE-2021-24711
CVE-2021-24711 affects the Software License Manager WordPress plugin prior to 4.5.1. The root cause is that the del_reistered_domains AJAX action lacks CSRF checks, enabling CSRF attacks that could allow an attacker to delete domains arbitrarily. Documented impact is vulnerable to CSRF with poten...
CVE-2021-24560
CVE-2021-24560 affects the WordPress plugin Software License Manager up to version 4.4.8. The issue is a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitization/escaping of the edit_record parameter when outputting content in the admin dashboard. Affected component: the p...