WordPress Plugin Vulnerabilities

CalderaWP License Manager <= 1.2.11 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters before outputting them back, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
calderawp-license-manager
No known fix

References

CVE
CVE-2021-36914

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
mirphak
Verified
No
WPVDB ID
66fea13d-7646-4f77-a75e-6fca2c618140

Timeline

Publicly Published
2022-04-12 (about 3 years ago)
Added
2022-04-12 (about 3 years ago)
Last Updated
2022-04-13 (about 3 years ago)

Other

Published
Title
Published
2023-12-21
Title
Keap Official Opt-in Forms < 1.0.12 - Admin+ Stored XSS
Published
2025-06-05
Title
Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-03
Title
ProductDyno < 1.0.25 - Reflected Cross-Site Scripting
Published
2026-01-20
Title
Hostiko < 94.3.6 - Unauthenticated Stored Cross-Site Scripting
Published
2025-09-26
Title
The Tribal < 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting