2 matches found
CVE-2021-25112
The CVE-2021-25112 entry concerns the WordPress WHMCS Bridge plugin (before 6.4b) and a Reflected Cross-Site Scripting vulnerability caused by not sanitising/escaping the error parameter before echoing it in the admin dashboard. Affected component: WHMCS Bridge plugin for WordPress; root cause: i...
CVE-2021-4074
Vulnerability context (CVE-2021-4074). The WordPress plugin WHMCS Bridge (versions ≤ 6.1) is vulnerable to a Stored Cross-Site Scripting (XSS) through the cc_whmcs_bridge_url parameter in the file path “~/whmcs-bridge/bridge_cp.php”. The root cause is missing authorization checks on the function ...