Vulnerabilities and security researches forwhmcs-bridge whmcs-bridge
Direction: ascendingJun 07, 2024
WHMCS Bridge # CVE-2021-4074
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 18, 2022
- Research Description
- The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.
- Affected versions
-
max 6.3.
- Status
-
vulnerable
WHMCS Bridge # CVE-2021-25112
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2022
- Research Description
- The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
- Affected versions
-
max 6.4b.
- Status
-
vulnerable
Jun 16, 2026
WHMCS Bridge # b2b458a4e174fd4c9defbf3f55551fc69a283b60
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 05, 2022
- Research Description
- WHMCS Bridge [whmcs-bridge] < 6.3 (closed) WordPress WHMCS Bridge plugin <= 6.1 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WHMCS Bridge plugin (versions <= 6.1).
- Affected versions
-
max 6.3.
- Status
-
vulnerable
WHMCS Bridge # 3d604bd7a206c0eec78e8cd03ddabcd2c6012a78
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 05, 2022
- Research Description
- WHMCS Bridge [whmcs-bridge] < 6.3 (closed) WordPress WHMCS Bridge plugin <= 6.1 - Authenticated Arbitrary Plugin Settings Change vulnerability Authenticated Arbitrary Plugin Settings Change vulnerability discovered in WordPress WHMCS Bridge plugin (versions <= 6.1).
- Affected versions
-
max 6.3.
- Status
-
vulnerable
Jul 09, 2026
WHMCS Bridge # CVE-2026-14489
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 08, 2026
- Research Description
- The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Affected versions
-
max 6.9.
- Status
-
vulnerable