[New post] CSRF Vulnerability Found in Software License Manager Plugin

Harald Eilertsen posted: " Versions before 4.5.1 of the Software License Manager plugin for WordPress have an exploitable Cross-Site Request Forgery (CSRF) vulnerability. Any user logged in to a site with the vulnerable extension can, by clicking a link, be tricked to delete an en" New post on Jetpack: WordPress Security, Performance, and Growth CSRF Vulnerability Found in Software License Manager Plugin by Harald Eilertsen Versions before 4.5.1 of the Software License Manager plugin for WordPress have an exploitable Cross-Site Request Forgery (CSRF) vulnerability. Any user logged in to a site with the vulnerable extension can, by clicking a link, be tricked to delete an entry in the plugin's registered domain database table. The link can be distributed in an email, or on a website the victim user is likely to visit. The good news is, there's not much else that can be done by exploiting this weakness. And the attacker needs to know the id of the domain they wish to delete from the database beforehand.  Still, we recommend anybody running version 4.5.0 or earlier of the plugin to upgrade as soon as possible. Continue reading "CSRF Vulnerability Found in Software License Manager Plugin" Harald Eilertsen | September 14, 2021 at 9:10 am | Tags: csrf, plugin security, Security, WordPress | Categories: Vulnerabilities | URL: https://wp.me/p1moTy-y66 Like Unsubscribe to no longer receive posts from Jetpack: WordPress Security, Performance, and Growth. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://jetpack.com/2021/09/14/csrf-vulnerability-found-in-software-license-manager-plugin/ Thanks for flying with WordPress.com