CVE-2020-37225

MEDIUM

Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37225. PoCs published by mqt.

AI-analyzed exploit summary: This is a detailed technical analysis of a stored XSS vulnerability in the WordPress plugin Powie's WHOIS Domain Check 0.9.31. It includes vulnerable code snippets, payload examples, and HTTP request formats demonstrating the exploitation of unsanitized input fields.

Description

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges.

Exploits (1)

exploitdb WRITEUP
by mqt · text · webapps · php
https://www.exploit-db.com/exploits/48656

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Powie's WHOIS Domain Check WordPress Plugin < 0.9.31
Auth required
Prerequisites: WordPress installation with vulnerable plugin version · Authenticated user access
devstral-2 · analyzed May 13, 2026

References (5)

Core References
Exploit: ExploitDB-48656
https://www.exploit-db.com/exploits/48656
Product: Official Product Homepage
https://powie.de
Product: Official Product Homepage
https://blog.haao.sh
Product: Product Reference
https://wordpress.org/plugins/powies-whois/
Third Party Advisory: VulnCheck Advisory: Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting
https://www.vulncheck.com/advisories/powie-s-whois-domain-check-persistent-cross-site-scripting

Scores

CVSS v3 6.4
EPSS 0.0024
EPSS Percentile 15.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
Powie/WHOIS Domain Check 0.9.31
Published May 13, 2026
Tracked Since May 13, 2026