CVE-2020-37225: XSS in Powie's WHOIS Domain Check
Platform
wordpress
Component
whois-domain-check
CVE-2020-37225 describes a persistent cross-site scripting (XSS) vulnerability found in Powie's WHOIS Domain Check versions 0.9.31–0.9.31. This vulnerability allows authenticated attackers to inject arbitrary JavaScript code, potentially leading to account compromise and privilege escalation. The vulnerability stems from unsanitized input fields within the plugin's configuration page, pwhois_settings.php. While a fix is not yet available, mitigation strategies can reduce risk.
Detect this CVE in your project
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Impact and Attack Scenarios
An attacker exploiting this XSS vulnerability can inject malicious JavaScript code into the Powie's WHOIS Domain Check plugin's settings. Because the vulnerability requires authentication, the attacker needs valid credentials to access the plugin's configuration page (pwhois_settings.php). Successful exploitation allows the attacker to execute JavaScript in the context of the administrator user, potentially stealing session cookies, redirecting users to malicious websites, or modifying plugin settings. The impact is significant as it can lead to complete control over the WordPress site if the administrator's session is compromised. This vulnerability shares similarities with other XSS vulnerabilities where attackers leverage unsanitized input to inject malicious scripts.
Exploitation Context
CVE-2020-37225 was published on May 13, 2026. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public Proof-of-Concept (POC) exploits have been widely reported. The vulnerability's severity is rated as medium (CVSS 6.4), suggesting a moderate probability of exploitation if a suitable exploit is developed and widely distributed. It is not listed on KEV or EPSS.
Threat Intelligence
Exploit Status
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity
- Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required
- Low — any valid user account is sufficient. Basic authenticated access required.
- User Interaction
- None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope
- Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
- Confidentiality
- Low — partial or indirect data access. Attacker gains limited information.
- Integrity
- Low — attacker can modify some data with limited scope or impact.
- Availability
- None — no availability impact. Service remains fully operational.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
Mitigation and Workarounds
Since a patched version of Powie's WHOIS Domain Check is not yet available, immediate mitigation is crucial. The primary workaround is to restrict access to the pwhois_settings.php configuration page. Implement role-based access control within WordPress to limit which users can access this page. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block suspicious requests targeting the plugin's settings. Regularly review and audit plugin settings for any unusual or unexpected changes. Monitor WordPress logs for any signs of attempted XSS exploitation, such as unusual JavaScript execution patterns. Verify access controls after implementing these mitigations by attempting to access the configuration page with a non-administrator user.
How to fix
Actualice el plugin Powie's WHOIS Domain Check a la última versión disponible para mitigar la vulnerabilidad de XSS. Verifique la página de soporte del plugin o el repositorio de WordPress para obtener la versión más reciente y las instrucciones de actualización. Además, revise y sanee cualquier entrada de usuario en la configuración del plugin para prevenir futuras vulnerabilidades.
Frequently asked questions
What is CVE-2020-37225 — XSS in Powie's WHOIS Domain Check?
CVE-2020-37225 is a cross-site scripting (XSS) vulnerability affecting Powie's WHOIS Domain Check versions 0.9.31–0.9.31. It allows authenticated attackers to inject JavaScript code via plugin settings, potentially compromising administrator accounts.
Am I affected by CVE-2020-37225 in Powie's WHOIS Domain Check?
You are affected if your WordPress website uses Powie's WHOIS Domain Check version 0.9.31. Check your plugin versions and implement mitigation strategies until a patch is available.
How do I fix CVE-2020-37225 in Powie's WHOIS Domain Check?
A patch is not yet available. Mitigate by restricting access to the plugin's configuration page, using a WAF, and monitoring logs for suspicious activity.
Is CVE-2020-37225 being actively exploited?
There is currently no evidence of active exploitation campaigns targeting CVE-2020-37225, but the vulnerability remains a potential risk.
Where can I find the official Powie's WHOIS Domain Check advisory for CVE-2020-37225?
Check the Powie's WHOIS Domain Check website and WordPress plugin repository for updates and advisories related to CVE-2020-37225.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Detect this CVE in your project
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Scan your WordPress project now — no account
Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.
Drag & drop your dependency file
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...