223 matches found
WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...
CVE-2026-14489
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...
CVE-2026-14489 WHMCS Bridge <= 6.9 - Unauthenticated Arbitrary File Upload via 'ccce' Parameter
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...
EUVD-2026-42174
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...
CVE-2026-14489
The WHMCS Bridge WordPress plugin (affected: all versions up to and including 6.9) is vulnerable to an arbitrary file upload due to missing file type validation in connect(). Exploitation requires authenticated access with Custom-level permissions or higher, enabling upload of arbitrary files on ...
Exploit for CVE-2026-29204
CVE-2026-29204 — WHMCS client area addon context PoC Proof-of...
EUVD-2026-23766
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-6601
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-6601
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-6601 Lagom WHMCS Template Datatables resource consumption
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-6601 Lagom WHMCS Template Datatables resource consumption
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-6601
Lagom WHMCS Template (up to v2.4.2) contains a Datatables-related issue that causes resource consumption (DoS) when exploited remotely. The description notes an unknown function as the vulnerability surface and that exploitation is publicly disclosed; a PoC exists (Lagom WHMCS DoS PoC). Concrete ...
CVE-2026-4239
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
EUVD-2026-12432
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2026-4239
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2026-4239 Lagom WHMCS Template Datatables prototype pollution
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2026-4239
CVE-2026-4239 affects Lagom WHMCS Template up to 2.3.7. The vulnerability is in an unknown Datatables function and leads to improperly controlled modification of object prototype attributes. It can be exploited remotely; the exploit has been made public. The vendor was contacted early about discl...
PT-2026-25713
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
lagom-prototype-pollution-poc
Lagom WHMCS Template Prototype Pollution Proof of Concept...
CVE-2022-42175
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...