CVE-2021-24711

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack

Ссылки

https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937
Exploit
Third Party Advisory
https://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/3351bc30-e5ff-471f-8d1c-b1bcdf419937
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tipsandtricks-hq:software_license_manager:*:*:*:*:*:wordpress:*:*

Версия до 4.5.1 (исключая)

EPSS

Процентиль: 35%

0.00148

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-vp58-4w6c-9hj5

github

больше 3 лет назад