WordPress Plugin Vulnerabilities
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
Description
The del_reistered_domains AJAX action of the plugin does not have any CSRF checks, so it is vulnerable to a CSRF attack.
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=del_reistered_domain&id=1
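The missing check, shown as an added example that is not the plugin's own code and not necessarily how 4.5.1 fixed it: an AJAX handler with no CSRF protection beside a hardened form. Only the action name comes from the proof of concept above; the function names, table name, nonce action string, script handle and the capability check are assumptions for illustration.

```php
<?php
// Added example. Hypothetical names: example_* functions, the
// 'example_reg_domains' table, the 'slm_del_domain' nonce action and the
// 'example-slm-admin' script handle.

// BEFORE: the pattern the advisory describes (defined here, not registered).
// wp_ajax_* handlers run for any logged-in user's request, so a request
// that only carries the session cookie is enough to reach the delete.
function example_del_domain_unsafe() {
    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'example_reg_domains', array( 'id' => $_GET['id'] ) );
    wp_die();
}

// AFTER: the admin page hands its own script a nonce tied to the current
// user, session and action. The script handle must already be enqueued.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-slm-admin', 'exampleSlm', array(
        'nonce' => wp_create_nonce( 'slm_del_domain' ),
    ) );
} );

add_action( 'wp_ajax_del_reistered_domain', 'example_del_domain_hardened' );
function example_del_domain_hardened() {
    // State changes are accepted over POST only, never from a bare GET link.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_send_json_error( 'method_not_allowed', 405 );
    }
    // Terminates the request unless $_REQUEST['nonce'] is a valid nonce.
    check_ajax_referer( 'slm_del_domain', 'nonce' );
    // Authorization is separate from CSRF protection (assumed capability).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'bad_id', 400 );
    }
    global $wpdb;
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'example_reg_domains',
        array( 'id' => $id ),
        array( '%d' )
    );
    if ( $deleted ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'not_found', 404 );
}
```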
Classification
Type
CSRF
Miscellaneous
Original Researcher
Harald Eilertsen (JetPack)
Submitter
Harald Eilertsen
Verified
Yes
Timeline
Publicly Published
2021-09-13 (about 2 years ago)
Added
2021-09-13 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)