WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
Software: CalderaWP License Manager
Vulnerable versions: <= 1.2.11
PSID: 191482ab89a9
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Required privilege:
Publicly disclosed: 2022-04-12
Patchstack vPatch available since: 09.12.2021
Details
A Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) was discovered by mirphak (Patchstack Alliance) in the WordPress CalderaWP License Manager plugin (versions <= 1.2.11).
Solution
Deactivate and delete the plugin. It is closed and no longer maintained.
References
CVE-2021-36914
Plugin page