CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-4074

The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.2%

CVSS Severity

CVSS v3 Score 6.4

CVSS v2 Score 3.5

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2653041%40whmcs-bridge&new=2653041%40whmcs-bridge&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4074
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2653041%40whmcs-bridge&new=2653041%40whmcs-bridge&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4074

Products affected by CVE-2021-4074

I-Plugins » Whmcs Bridge » Version: Any

cpe:2.3:a:i-plugins:whmcs_bridge:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-4074

Products

Pricing

Contact Us