Vulnerabilities and security researches forlicense-manager-for-woocommerce license-manager-for-woocommerce

Apr 14, 2025

CVE, Research URL: CVE-2025-32522
Home page URL: Security reports for License Manager for WooCommerce
Application: License Manager for WooCommerce
Date: -
Research Description: License Manager for WooCommerce [license-manager-for-woocommerce] < 3.0.10 CVE-2025-32522
Affected versions: Min -, max -.
Status: vulnerable

Nov 14, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for License Manager for WooCommerce
Application: License Manager for WooCommerce
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Jun 22, 2024

CVE, Research URL: CVE-2024-1639
Home page URL: Security reports for License Manager for WooCommerce
Application: License Manager for WooCommerce
Date: Jun 21, 2024
Research Description: The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions contain a referrer nonce check. However, these can be retrieved via the dashboard through the "license" JS variable.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: c23241aa8778d1caab55d91ad429e196a0d97d91
Home page URL: Security reports for License Manager for WooCommerce
Application: License Manager for WooCommerce
Date: Feb 28, 2022
Research Description: License Manager for WooCommerce [license-manager-for-woocommerce] < 2.2.10 WordPress License Manager for WooCommerce plugin <= 2.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress License Manager for WooCommerce plugin (versions <= 2.2.5).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-48742
Home page URL: Security reports for License Manager for WooCommerce
Application: License Manager for WooCommerce
Date: Nov 30, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.
Affected versions: Min -, max -.
Status: vulnerable