CVE-2021-24711

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the Software License Manager WordPress plugin allows attackers to trick an authenticated administrator into performing unauthorized actions, specifically deleting registered license domains through the plugin's del_reistered_domains AJAX action, which lacks a nonce check. WordPress sites running vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Software License Manager WordPress Plugin
Versions: All versions before 4.5.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated administrator to be tricked into visiting a malicious page while logged in.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete all registered license domains, disrupting license validation and potentially causing service outages for customers.

🟠

Likely Case

Malicious actors could delete specific registered domains, causing license validation failures for targeted customers.

🟢

If Mitigated

With proper CSRF protection, the AJAX handler would verify a valid WordPress nonce before deleting anything, so a request forged from another site (which cannot know the nonce) would be rejected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated administrators into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.1

Vendor Advisory: https://wordpress.org/plugins/software-license-manager/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Software License Manager'
4. Click 'Update Now' if available
5. If manual update needed, download version 4.5.1+ from WordPress.org
6. Deactivate, upload new version, and reactivate plugin

🔧 Temporary Workarounds

Temporary Plugin Deactivation

Applies to: all

Deactivate the plugin until patched to prevent exploitation:

wp plugin deactivate software-license-manager

🧯 If You Can't Patch

  • Implement strict access controls limiting admin panel access to trusted networks only
  • Use browser extensions that block CSRF attempts or enforce same-origin policies

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Software License Manager version. If version is below 4.5.1, you are vulnerable.

Check Version:

wp plugin get software-license-manager --field=version

Verify Fix Applied:

Confirm plugin version is 4.5.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /wp-admin/admin-ajax.php with action=del_reistered_domains from unexpected sources (for example, a missing Referer or a Referer outside your own site, which is what a cross-site submission looks like)
  • Unusual domain deletion events in plugin logs

Network Indicators:

  • CSRF attack patterns with malicious iframes or form submissions targeting admin-ajax.php

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND "action=del_reistered_domains" AND NOT user_agent="WordPress/*"
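The log indicators and SIEM query above can be turned into a small offline check. The following Python script is an added example, not part of the advisory or the plugin: it parses Apache/Nginx combined-format access-log lines (constructed here), keeps POST requests to admin-ajax.php whose query string carries the vulnerable del_reistered_domains action, skips WordPress's own loopback/cron requests (User-Agent WordPress/...) as the SIEM query does, and flags the remainder whose Referer is missing or belongs to a different origin, the signature of a forged cross-site submission rather than a click inside wp-admin. The site origin, log format and sample lines are assumptions; note that when the action is sent only in the POST body, a default access log will not contain it and you need a WAF or plugin-level log instead.

```python
"""Detection helper for CVE-2021-24711 (added example, not from the advisory).

Assumptions (not from the advisory): combined log format with Referer and
User-Agent fields, the AJAX action present in the query string, and the
site's own origin supplied by the caller.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

TARGET_ACTION = "del_reistered_domains"  # spelling as used by the plugin itself


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_cross_site(referer, site_origin):
    """True when the Referer is absent or its scheme/host differ from the site's origin."""
    if referer in ("", "-"):
        return True
    r, s = urlsplit(referer), urlsplit(site_origin)
    return (r.scheme, r.netloc.lower()) != (s.scheme, s.netloc.lower())


def find_suspicious(lines, site_origin):
    """Return (ip, timestamp, referer) for POSTs that look like forged domain deletions."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        url = urlsplit(rec["path"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if TARGET_ACTION not in parse_qs(url.query).get("action", []):
            continue
        # WordPress loopback/cron traffic identifies itself as WordPress/x.y; exclude it
        if rec["ua"].startswith("WordPress/"):
            continue
        if is_cross_site(rec["referer"], site_origin):
            hits.append((rec["ip"], rec["ts"], rec["referer"] or "-"))
    return hits


# Constructed sample lines (not real traffic); shop.example is the assumed site
SAMPLE_LOG = [
    # legitimate deletion from inside wp-admin: same-origin Referer, not flagged
    '203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "POST /wp-admin/admin-ajax.php?action=del_reistered_domains HTTP/1.1" 200 45 "https://shop.example/wp-admin/admin.php?page=slm_manage_license" "Mozilla/5.0"',
    # forged request: Referer from a foreign origin, flagged
    '198.51.100.7 - - [10/Oct/2021:14:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=del_reistered_domains HTTP/1.1" 200 45 "https://attacker.invalid/page.html" "Mozilla/5.0"',
    # forged request with the Referer stripped, flagged
    '198.51.100.8 - - [10/Oct/2021:14:02:12 +0000] "POST /wp-admin/admin-ajax.php?action=del_reistered_domains HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    # unrelated AJAX action, ignored
    '203.0.113.5 - - [10/Oct/2021:14:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "https://shop.example/wp-admin/" "Mozilla/5.0"',
    # WordPress's own loopback request, ignored like the SIEM query does
    '203.0.113.9 - - [10/Oct/2021:14:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=del_reistered_domains HTTP/1.1" 200 45 "-" "WordPress/5.8; https://shop.example"',
    # GET with the same action, ignored (deletion is a POST)
    '198.51.100.9 - - [10/Oct/2021:14:06:00 +0000] "GET /wp-admin/admin-ajax.php?action=del_reistered_domains HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, ref in find_suspicious(SAMPLE_LOG, "https://shop.example"):
        print(f"{ts} suspicious domain deletion from {ip} (Referer: {ref})")
```

Run it against your own log with `find_suspicious(open("access.log"), "https://your-site")`. A missing Referer is treated as suspicious because browsers send it for same-site form posts and XHR from wp-admin, while privacy settings or a cross-site page can strip it; confirm such hits against the plugin's own deletion records before acting on them.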
