WordPress Plugin Vulnerabilities

Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF

Description

The del_reistered_domains AJAX action of the plugin does not have any CSRF checks, and is vulnerable to a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=del_reistered_domain&id=1

Affects Plugins

Plugin icon
software-license-manager
Fixed in 4.5.1

References

CVE
CVE-2021-24711
URL
https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Harald Eilertsen (JetPack)
Submitter
Harald Eilertsen
Verified
Yes
WPVDB ID
3351bc30-e5ff-471f-8d1c-b1bcdf419937

Timeline

Publicly Published
2021-09-13 (about 2 years ago)
Added
2021-09-13 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2021-03-01
Title
WP Travel < 4.4.7 - Cross-Site Request Forgery
Published
2024-03-26
Title
RegistrationMagic < 5.3.1.0 - Cross-Site Request Forgery
Published
2021-04-23
Title
Software License Manager < 4.4.6 - CSRF to Stored XSS
Published
2022-09-28
Title
Store Locator < 1.4.6 - Stored XSS via CSRF
Published
2023-01-13
Title
Hover Image <= 1.4.1 - CSRF