EUVD-2021-12024

Malware in sbrugna...

CVE-2021-25112

The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting...

WordPress WHMCS Bridge plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress WHMCS Bridge plugin prior to 6.4b, which ste...

CVE-2021-25112

The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting...

CVE-2021-25112

The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting...

CVE-2021-25112

The CVE-2021-25112 entry concerns the WordPress WHMCS Bridge plugin (before 6.4b) and a Reflected Cross-Site Scripting vulnerability caused by not sanitising/escaping the error parameter before echoing it in the admin dashboard. Affected component: WHMCS Bridge plugin for WordPress; root cause: i...

CVE-2021-25112 WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting...

WordPress plugin WHMCS Bridge 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress WHMCS Bridge plugin prior to 6.4b, which ste...

WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert1%3E...

WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting PoC http://example.com/wp-admin/options-general.php?page=cc-ce-bridge-cp=%3Cimg%20src%20onerror=alert1%3E...

WordPress WHMCS Bridge plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress WHMCS Bridge plugin has a cross-site scripting vulnerability that allows an attacker to...

CVE-2021-4074

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...

CVE-2021-4074

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...

Cross site scripting

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...

CVE-2021-4074

Vulnerability context (CVE-2021-4074). The WordPress plugin WHMCS Bridge (versions ≤ 6.1) is vulnerable to a Stored Cross-Site Scripting (XSS) through the cc_whmcs_bridge_url parameter in the file path “~/whmcs-bridge/bridge_cp.php”. The root cause is missing authorization checks on the function ...

CVE-2021-4074 WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...

CVE-2021-4074 WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress WHMCS Bridge plugin has a cross-site scripting vulnerability that allows an attacker to...

WHMCS Bridge < 6.3 - Subscriber+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the ccwhmcsbridgeaddadmin...

WordPress WHMCS Bridge plugin <= 6.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WHMCS Bridge plugin versions = 6.1. Solution Update the WordPress WHMCS Bridge to the latest available version at least 6.3...