VYPR

WHMCS Bridge

by WordPress

CVEs (2)

  • CVE-2021-4074MedJan 18, 2022
    risk 0.42cvss 6.4epss 0.01

    The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing…

  • CVE-2021-25112MedFeb 28, 2022
    risk 0.40cvss 6.1epss 0.02

    The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting