CVE-2021-24711

HIGH

Software License Manager <4.5.1 - CSRF

Title source: llm

Description

The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not perform any CSRF checks and is therefore vulnerable to a CSRF attack.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937

Scores

CVSS v3 8.8
EPSS 0.0067
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
tipsandtricks-hq/software_license_manager < 4.5.1
Published Oct 11, 2021
Tracked Since Feb 18, 2026