Cross-Site Request Forgery Vulnerability in Software License Manager by WordPress
CVE-2021-20782

8.8HIGH

Key Information:

Vendor

WordPress
Status
Software License Manager
Vendor
CVE Published:
14 July 2021

What is CVE-2021-20782?

A cross-site request forgery (CSRF) vulnerability exists in Software License Manager versions before 4.4.6, potentially allowing remote attackers to exploit this flaw and hijack the authentication of administrators through various unspecified vectors. This security issue emphasizes the importance of ensuring the latest updates are applied to protect against unauthorized access.

Affected Version(s)

Software License Manager versions prior to 4.4.6

References

https://wordpress.org/plugins/software-license-manager/
x_refsource_MISC
https://www.tipsandtricks-hq.com/software-license-manager...
x_refsource_MISC
https://jvn.jp/en/jp/JVN89054582/index.html
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.