Tipsandtricks-Hq: >> Software License Manager Security Vulnerabilities
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-11
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-13
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-07-14