cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-25112,https://securityvulnerability.io/vulnerability/CVE-2021-25112,WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS),"The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting",Wordpress,Whmcs Bridge,6.1,MEDIUM,0.0010000000474974513,false,,false,false,false,,false,false,2022-02-28T09:06:36.000Z,0
CVE-2021-4074,https://securityvulnerability.io/vulnerability/CVE-2021-4074,WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting,"The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.",Wordpress,Whmcs Bridge,6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-01-18T16:52:27.000Z,0