cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwhmcs-bridge whmcs-bridge

Direction: ascending
Jun 07, 2024

WHMCS Bridge # CVE-2021-4074

CVE, Research URL

CVE-2021-4074

Application

WHMCS Bridge

Date
Jan 18, 2022
Research Description
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.
Affected versions
max 6.3.
Status
vulnerable

WHMCS Bridge # CVE-2021-25112

CVE, Research URL

CVE-2021-25112

Application

WHMCS Bridge

Date
Feb 28, 2022
Research Description
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
Affected versions
max 6.4b.
Status
vulnerable
Jun 16, 2026

WHMCS Bridge # b2b458a4e174fd4c9defbf3f55551fc69a283b60

Application

WHMCS Bridge

Date
Jan 05, 2022
Research Description
WHMCS Bridge [whmcs-bridge] < 6.3 (closed) WordPress WHMCS Bridge plugin <= 6.1 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WHMCS Bridge plugin (versions <= 6.1).
Affected versions
max 6.3.
Status
vulnerable

WHMCS Bridge # 3d604bd7a206c0eec78e8cd03ddabcd2c6012a78

Application

WHMCS Bridge

Date
Jan 05, 2022
Research Description
WHMCS Bridge [whmcs-bridge] < 6.3 (closed) WordPress WHMCS Bridge plugin <= 6.1 - Authenticated Arbitrary Plugin Settings Change vulnerability Authenticated Arbitrary Plugin Settings Change vulnerability discovered in WordPress WHMCS Bridge plugin (versions <= 6.1).
Affected versions
max 6.3.
Status
vulnerable
Jul 09, 2026

WHMCS Bridge # CVE-2026-14489

CVE, Research URL

CVE-2026-14489

Application

WHMCS Bridge

Date
Jul 08, 2026
Research Description
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 6.9.
Status
vulnerable