Lucene search
PRIOn knowledge basePRION:CVE-2021-4074HistoryJan 18, 2022 - 5:15 p.m.
Cross site scripting
2022-01-1817:15:00
PRIOn knowledge base
www.prio-n.com
2
0.001 Low
EPSS
Percentile
19.5%
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| whmcs_bridge | le | 6.1 |
Related
nvd
nvd
CVE-2021-4074
2022-01-18 17:15:09
wpvulndb
wpvulndb
WHMCS Bridge < 6.3 - Subscriber+ Stored Cross-Site Scripting
2022-01-14 00:00:00
patchstack
patchstack
cve
cve
CVE-2021-4074
2022-01-18 17:15:09
cnvd
cnvd
WordPress WHMCS Bridge plugin cross-site scripting vulnerability
2022-01-21 00:00:00
cvelist
cvelist
CVE-2021-4074 WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting
2022-01-18 16:52:27