6 vulnerabilities found for software_license_manager by tipsandtricks-hq
CVE-2021-24711 (GCVE-0-2021-24711)
Vulnerability from nvd – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:42
Title
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
Summary
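The del_reistered_domains AJAX action (identifier spelled as in the record) of the Software License Manager WordPress plugin before 4.5.1 does not perform any CSRF check, so it is vulnerable to a CSRF attack: a forged request sent from an authenticated user's browser can trigger the domain deletion named in the title. Sites running the plugin should be on 4.5.1 or later.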
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3351bc30-e5ff-47… | x_refsource_MISC |
| https://jetpack.com/2021/09/14/csrf-vulnerability… | x_refsource_MISC |
Impacted products
1 product
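| Vendor | Product | Version |
|---|---|---|
| Unknown | Software License Manager | Affected: 4.5.1 , < 4.5.1 (custom) |

Note: the record sets both `version` and `lessThan` to 4.5.1, so a strict range matcher may match nothing; per the summary, the affected range is every release before 4.5.1.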
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.1",
"status": "affected",
"version": "4.5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harald Eilertsen (JetPack)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T10:45:45.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24711",
"STATE": "PUBLIC",
"TITLE": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.5.1",
"version_value": "4.5.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harald Eilertsen (JetPack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"name": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24711",
"datePublished": "2021-10-11T10:45:45.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24560 (GCVE-0-2021-24560)
Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
Title
Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
Summary
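The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before echoing it back into a page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue. The request parameter reaches the HTML output unchanged, so the fix is context-appropriate output escaping; sites running the plugin should be on 4.4.8 or later.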
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d51fcd97-e535-42… | x_refsource_MISC |
Impacted products
1 product
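| Vendor | Product | Version |
|---|---|---|
| Unknown | Software License Manager | Affected: 4.4.8 , < 4.4.8 (custom) |

Note: the record sets both `version` and `lessThan` to 4.4.8, so a strict range matcher may match nothing; per the summary, the affected range is every release before 4.4.8.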
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "iohex"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:25.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24560",
"STATE": "PUBLIC",
"TITLE": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4.8",
"version_value": "4.4.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "iohex"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24560",
"datePublished": "2021-09-13T17:56:25.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20782 (GCVE-0-2021-20782)
Vulnerability from nvd – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
Summary
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
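- Cross-site request forgery (free-text problem type; the record carries no CWE ID, so a search filtered on CWE-352 will not return it)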
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/software-license-manager/ | x_refsource_MISC |
| https://www.tipsandtricks-hq.com/software-license… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89054582/index.html | x_refsource_MISC |
Impacted products
1 product
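| Vendor | Product | Version |
|---|---|---|
| Tips and Tricks HQ | Software License Manager | Affected: versions prior to 4.4.6 |

Note: the affected version is the free-text string "versions prior to 4.4.6" with no machine-readable bound, so automated version matching needs a manual rule for this record.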
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T01:20:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.6"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/software-license-manager/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"name": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress",
"refsource": "MISC",
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"name": "https://jvn.jp/en/jp/JVN89054582/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20782",
"datePublished": "2021-07-14T01:20:28.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:22.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24711 (GCVE-0-2021-24711)
Vulnerability from cvelistv5 – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:42
Title
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
Summary
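The del_reistered_domains AJAX action (identifier spelled as in the record) of the Software License Manager WordPress plugin before 4.5.1 does not perform any CSRF check, so it is vulnerable to a CSRF attack: a forged request sent from an authenticated user's browser can trigger the domain deletion named in the title. Sites running the plugin should be on 4.5.1 or later.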
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3351bc30-e5ff-47… | x_refsource_MISC |
| https://jetpack.com/2021/09/14/csrf-vulnerability… | x_refsource_MISC |
Impacted products
1 product
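| Vendor | Product | Version |
|---|---|---|
| Unknown | Software License Manager | Affected: 4.5.1 , < 4.5.1 (custom) |

Note: the record sets both `version` and `lessThan` to 4.5.1, so a strict range matcher may match nothing; per the summary, the affected range is every release before 4.5.1.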
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.1",
"status": "affected",
"version": "4.5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harald Eilertsen (JetPack)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T10:45:45.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24711",
"STATE": "PUBLIC",
"TITLE": "Software License Manager \u003c 4.5.1 - Arbitrary Domain Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.5.1",
"version_value": "4.5.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harald Eilertsen (JetPack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937"
},
{
"name": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24711",
"datePublished": "2021-10-11T10:45:45.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24560 (GCVE-0-2021-24560)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
Title
Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
Summary
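The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before echoing it back into a page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue. The request parameter reaches the HTML output unchanged, so the fix is context-appropriate output escaping; sites running the plugin should be on 4.4.8 or later.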
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d51fcd97-e535-42… | x_refsource_MISC |
Impacted products
1 product
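| Vendor | Product | Version |
|---|---|---|
| Unknown | Software License Manager | Affected: 4.4.8 , < 4.4.8 (custom) |

Note: the record sets both `version` and `lessThan` to 4.4.8, so a strict range matcher may match nothing; per the summary, the affected range is every release before 4.4.8.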
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "iohex"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:25.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24560",
"STATE": "PUBLIC",
"TITLE": "Software License Manager \u003c 4.4.8 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4.8",
"version_value": "4.4.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "iohex"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d51fcd97-e535-42dd-997a-edc2f5f12269"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24560",
"datePublished": "2021-09-13T17:56:25.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20782 (GCVE-0-2021-20782)
Vulnerability from cvelistv5 – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
Summary
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
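- Cross-site request forgery (free-text problem type; the record carries no CWE ID, so a search filtered on CWE-352 will not return it)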
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/software-license-manager/ | x_refsource_MISC |
| https://www.tipsandtricks-hq.com/software-license… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89054582/index.html | x_refsource_MISC |
Impacted products
1 product
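| Vendor | Product | Version |
|---|---|---|
| Tips and Tricks HQ | Software License Manager | Affected: versions prior to 4.4.6 |

Note: the affected version is the free-text string "versions prior to 4.4.6" with no machine-readable bound, so automated version matching needs a manual rule for this record.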
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Software License Manager",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T01:20:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software License Manager",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.6"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/software-license-manager/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/software-license-manager/"
},
{
"name": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress",
"refsource": "MISC",
"url": "https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress"
},
{
"name": "https://jvn.jp/en/jp/JVN89054582/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89054582/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20782",
"datePublished": "2021-07-14T01:20:28.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:22.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}