VYPR

Whmpress

by WordPress

CVEs (6)

  • CVE-2024-9193CriFeb 28, 2025
    risk 0.64cvss 9.8epss 0.03

    The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. This makes it possible for unauthenticated attackers…

  • CVE-2024-9195HigFeb 28, 2025
    risk 0.57cvss 8.8epss 0.00

    The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including,…

  • CVE-2024-43247HigAug 19, 2024
    risk 0.57cvss 8.8epss 0.00

    Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.

  • CVE-2025-39491HigMay 16, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.

  • CVE-2025-39492HigMay 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.

  • CVE-2024-43246HigAug 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.