3 matches found
CVE-2021-4074
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...
CVE-2021-4074 WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the...
CVE-2021-4074
Vulnerability context (CVE-2021-4074). The WordPress plugin WHMCS Bridge (versions ≤ 6.1) is vulnerable to a Stored Cross-Site Scripting (XSS) through the cc_whmcs_bridge_url parameter in the file path “~/whmcs-bridge/bridge_cp.php”. The root cause is missing authorization checks on the function ...