Vulnerabilities > Whmpress

DATE CVE VULNERABILITY TITLE RISK
2025-02-28 CVE-2024-9193 PHP Remote File Inclusion vulnerability in Whmpress Whmcs 6.3
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function.
network
low complexity
whmpress CWE-98
critical
9.8
2025-02-28 CVE-2024-9195 Missing Authorization vulnerability in Whmpress Whmcs Client Area 4.3
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3.
network
low complexity
whmpress CWE-862
8.8