Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.
6.1CVSS
6AI Score
0.001EPSS
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
9.8CVSS
9.4AI Score
0.051EPSS
phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability.
6.1CVSS
5.8AI Score
0.001EPSS