I-Plugins Whmcs Bridge vulnerabilities
2 known vulnerabilities affecting i-plugins/whmcs_bridge.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-25112P3MEDIUMCVSS 6.1PoCfixed in 6.4b2022-02-28
CVE-2021-25112 [MEDIUM] CWE-79 CVE-2021-25112: The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter befor
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
nvd
CVE-2021-4074P4MEDIUMCVSS 5.4≤ 6.12022-01-18
CVE-2021-4074 [MEDIUM] CWE-79 CVE-2021-4074: The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_brid
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenti
nvd