Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for software_license_manager by tipsandtricks-hq

    CVE-2021-24711 (GCVE-0-2021-24711)

    Vulnerability from nvd – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
    Summary
    The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Software License Manager Affected: 4.5.1 , < 4.5.1 (custom)
    Create a notification for this product.
    Credits
    Harald Eilertsen (JetPack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:16.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "4.5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Harald Eilertsen (JetPack)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-11T10:45:45.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24711",
              "STATE": "PUBLIC",
              "TITLE": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.1",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Harald Eilertsen (JetPack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
                },
                {
                  "name": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/",
                  "refsource": "MISC",
                  "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24711",
        "datePublished": "2021-10-11T10:45:45.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:16.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24560 (GCVE-0-2021-24560)

    Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
    Summary
    The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Software License Manager Affected: 4.4.8 , < 4.4.8 (custom)
    Create a notification for this product.
    Credits
    iohex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.4.8",
                  "status": "affected",
                  "version": "4.4.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "iohex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:56:25.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24560",
              "STATE": "PUBLIC",
              "TITLE": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.4.8",
                                "version_value": "4.4.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "iohex"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24560",
        "datePublished": "2021-09-13T17:56:25.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20782 (GCVE-0-2021-20782)

    Vulnerability from nvd – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    Tips and Tricks HQ Software License Manager Affected: versions prior to 4.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/software-license-manager/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Tips and Tricks HQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 4.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-14T01:20:28.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/software-license-manager/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20782",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 4.4.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tips and Tricks HQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/software-license-manager/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/software-license-manager/"
                },
                {
                  "name": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress",
                  "refsource": "MISC",
                  "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN89054582/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20782",
        "datePublished": "2021-07-14T01:20:28.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24711 (GCVE-0-2021-24711)

    Vulnerability from cvelistv5 – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
    Summary
    The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Software License Manager Affected: 4.5.1 , < 4.5.1 (custom)
    Create a notification for this product.
    Credits
    Harald Eilertsen (JetPack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:16.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "4.5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Harald Eilertsen (JetPack)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-11T10:45:45.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24711",
              "STATE": "PUBLIC",
              "TITLE": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5.1",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Harald Eilertsen (JetPack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
                },
                {
                  "name": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/",
                  "refsource": "MISC",
                  "url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24711",
        "datePublished": "2021-10-11T10:45:45.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:16.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24560 (GCVE-0-2021-24560)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
    Summary
    The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Software License Manager Affected: 4.4.8 , < 4.4.8 (custom)
    Create a notification for this product.
    Credits
    iohex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.4.8",
                  "status": "affected",
                  "version": "4.4.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "iohex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:56:25.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24560",
              "STATE": "PUBLIC",
              "TITLE": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.4.8",
                                "version_value": "4.4.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "iohex"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24560",
        "datePublished": "2021-09-13T17:56:25.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20782 (GCVE-0-2021-20782)

    Vulnerability from cvelistv5 – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    Tips and Tricks HQ Software License Manager Affected: versions prior to 4.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/software-license-manager/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Software License Manager",
              "vendor": "Tips and Tricks HQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 4.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-14T01:20:28.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/software-license-manager/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20782",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Software License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 4.4.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tips and Tricks HQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/software-license-manager/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/software-license-manager/"
                },
                {
                  "name": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress",
                  "refsource": "MISC",
                  "url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN89054582/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN89054582/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20782",
        "datePublished": "2021-07-14T01:20:28.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }