Description
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 performs no CSRF checks and is therefore vulnerable to a CSRF attack.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937
Exploit, Third Party Advisory x_refsource_misc
https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/
Scores
CVSS v3: 8.8
EPSS: 0.0067
EPSS Percentile: 47.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-352
Status: published
Products (1): tipsandtricks-hq/software_license_manager < 4.5.1
Published: Oct 11, 2021
Tracked Since: Feb 18, 2026