S4E

CVE-2021-24875 Scanner

Detects a Cross-Site Scripting (XSS) vulnerability in the eCommerce Product Catalog plugin for WordPress, affecting versions before 3.0.39.


Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

The eCommerce Product Catalog plugin for WordPress is a popular extension that allows online retailers to showcase their product collections in an organized and visually appealing manner. With its user-friendly interface and comprehensive customization options, this plugin is widely employed by businesses of all sizes. However, versions of the plugin prior to 3.0.39 harbor a vulnerability.

The CVE-2021-24875 vulnerability in the eCommerce Product Catalog plugin for WordPress stems from the plugin failing to properly escape the ic-settings-search parameter before inserting it into an attribute of the outputted page. This allows for a Reflected Cross-Site Scripting (XSS) attack when a victim clicks on a malicious link or visits a compromised website. With this vulnerability, attackers can inject and execute arbitrary code in the victim's browser, enabling them to steal credentials, alter a webpage's content, or even take control of the victim's system.
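The missing attribute escaping described above, shown as an added example that is not the plugin's or S4E's code: the input markup, the function names and the probe string are assumptions made for illustration, and only the parameter name comes from the text. It renders the same value with and without attribute escaping and checks, with an HTML parser, whether the value stayed inside the attribute.

```python
import html
from html.parser import HTMLParser

PARAM = "ic-settings-search"  # parameter name taken from the description above

def render_unescaped(value):
    # Hypothetical markup: the raw request value is placed straight into an attribute.
    return f'<input type="search" name="{PARAM}" value="{value}">'

def render_escaped(value):
    # Attribute-context escaping; WordPress code would call esc_attr() here.
    return f'<input type="search" name="{PARAM}" value="{html.escape(value, quote=True)}">'

class _InputAttrs(HTMLParser):
    """Collects the attributes of the search input as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and dict(attrs).get("name") == PARAM:
            self.attrs = dict(attrs)

def reflection_verdict(page, probe):
    """'safe' if the probe stayed inside value=, 'breakout' if it became markup."""
    parser = _InputAttrs()
    parser.feed(page)
    parser.close()
    if parser.attrs is None:
        return "not-reflected"
    extra = set(parser.attrs) - {"type", "name", "value"}
    if parser.attrs.get("value") == probe and not extra:
        return "safe"
    return "breakout"

# Constructed, non-executing probe: a double quote followed by an inert data- attribute.
PROBE = 'catalog" data-probe="1'

if __name__ == "__main__":
    print("unescaped:", reflection_verdict(render_unescaped(PROBE), PROBE))
    print("escaped:  ", reflection_verdict(render_escaped(PROBE), PROBE))
```

A value without quote characters passes both renderings, which is why a check of this kind needs a probe containing the attribute delimiter.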

When exploited by hackers, the CVE-2021-24875 vulnerability can lead to disastrous consequences for the eCommerce businesses that employ the eCommerce Product Catalog plugin for WordPress. Critical information, such as customer data and financial records, can be accessed and stolen by attackers. Moreover, the alterations made to the webpages of the website can lead to a decline in the trustworthiness of the businesses and a loss of revenue.

At s4e.io, we recognize the importance of remaining proactive in the ever-evolving cybersecurity landscape. By employing our pro features, you can rest assured that your digital assets, including the eCommerce Product Catalog plugin for WordPress, are frequently monitored for vulnerabilities. Get in touch with us today to learn more about how we can help protect your online business.
