cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forpowies-whois powies-whois

Direction: ascending
Jun 06, 2024

Powie's WHOIS Domain Check # 762efd828a5492860013f6b836d6c23b2af66b74

CVE, Research URL

762efd828a5492860013f6b836d6c23b2af66b74

Home page URL

Security reports for Powie's WHOIS Domain Check

Application

Powie's WHOIS Domain Check

Date
Jul 09, 2020
Research Description
Powie&#039;s WHOIS Domain Check [powies-whois] < 0.9.33 WordPress Powie's WHOIS Domain Check plugin <= 0.9.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by mqt in WordPress Powie's WHOIS Domain Check plugin (versions <= 0.9.31).
Affected versions
max 0.9.33.
Status
vulnerable
May 16, 2026

Powie&#039;s WHOIS Domain Check # CVE-2020-37225

CVE, Research URL

CVE-2020-37225

Home page URL

Security reports for Powie&#039;s WHOIS Domain Check

Application

Powie&#039;s WHOIS Domain Check

Date
May 13, 2026
Research Description
Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges.
Affected versions
max 0.9.31.
Status
vulnerable
Jun 16, 2026

Powie&#039;s WHOIS Domain Check # d3dab2d8480cee7d7dee5a00bb968b4cee6c154a

CVE, Research URL

d3dab2d8480cee7d7dee5a00bb968b4cee6c154a

Home page URL

Security reports for Powie&#039;s WHOIS Domain Check

Application

Powie&#039;s WHOIS Domain Check

Date
Jul 07, 2020
Research Description
Powie&#039;s WHOIS Domain Check [powies-whois] < 0.9.32 Power's WHOIS Domain Check <= 0.9.31 - Authenticated Stored Cross-Site Scripting The Power's WHOIS Domain Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 0.9.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 0.9.32.
Status
vulnerable

Powie&#039;s WHOIS Domain Check # 8c8a8a35-a04f-429e-8843-8201eebab421

CVE, Research URL

8c8a8a35-a04f-429e-8843-8201eebab421

Home page URL

Security reports for Powie&#039;s WHOIS Domain Check

Application

Powie&#039;s WHOIS Domain Check

Date
-
Research Description
Powie&#039;s WHOIS Domain Check [powies-whois] < 0.9.33 Powie&#039;s WHOIS Domain Check &lt; 0.9.33 - Authenticated Stored Cross-Site Scripting The plugin does not properly sanitise and encode user input when output back in its settings page, leading to authenticated (from high privileged users) stored Cross-Site Scripting (XSS) issues.
Affected versions
max 0.9.33.
Status
vulnerable