CVE-2021-24235 Scanner
CVE-2021-24235 scanner - Cross-Site Scripting (XSS) vulnerability in Goto theme for WordPress
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The Goto WordPress theme is a popular theme used for travel agencies and tour operators. It is designed to showcase different tour packages, destinations, and activities, as well as allow visitors to book their trips directly on the website. This theme offers a range of customizable features, including unique layouts, slider options, and booking calendars, making it a valuable tool for businesses in this niche.
However, the Goto WordPress theme version 2.0 was recently found to have a vulnerability that could put websites at risk of a Cross-Site Scripting (XSS) attack. This vulnerability was designated CVE-2021-24235 and results from the theme's failure to sanitize the keywords and start_date GET parameters on its Tour List page. This means that an attacker could send a specially crafted URL to a site visitor, which would then execute arbitrary script in the visitor's browser when opened.
If this vulnerability is exploited, it could lead to a range of negative consequences for businesses using the Goto WordPress theme, including the theft of sensitive information, such as user credentials, payment details, or personal data. It could also result in a website being defaced, causing damage to the business's reputation and potentially leading to financial losses.
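For asset owners who want to check whether the keywords and start_date parameters have already been probed, the following added example (not s4e.io's scanner and not code from the theme) reviews web server access logs for requests where either parameter carries markup. It assumes combined log format, a hypothetical /tour-list/ path in the constructed sample lines, and that a legitimate start_date contains only digits and separators.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

WATCHED = ("keywords", "start_date")        # parameters named in the CVE description
MARKUP = re.compile(r'[<>"]')               # characters that can break out of HTML context
DATE_LIKE = re.compile(r"[0-9/.\- ]{0,20}")  # assumption: dates are digits plus separators
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return watched parameter names whose decoded value is not plain search input."""
    hits = []
    query = target.partition("?")[2]
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name not in WATCHED:
            continue
        value = fully_decode(raw)   # parse_qsl decoded once; remove any further layers
        bad_date = name == "start_date" and not DATE_LIKE.fullmatch(value)
        if bad_date or MARKUP.search(value):
            hits.append(name)
    return hits

def scan_log(lines):
    """Return (line number, client address, flagged parameters) per suspect request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.match(line)
        if not match:
            continue                # not a GET/HEAD request line; skip it
        hits = suspicious_params(match.group(2))
        if hits:
            findings.append((number, match.group(1), hits))
    return findings

# Constructed sample lines (documentation addresses, hypothetical path); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /tour-list/?keywords=rome&start_date=2024-05-01 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /tour-list/?keywords=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5301',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /tour-list/?start_date=%2522%253E%253Cb%253E HTTP/1.1" 200 5290',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit shows that someone sent markup in one of the two parameters, not that the page reflected it; confirm against the installed theme version and the rendered response.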
Finally, it's worth noting that s4e.io's platform provides a range of pro features, including vulnerability scanning, that make it easy for businesses to detect and fix vulnerabilities in their digital assets. By using this platform, businesses can ensure that their websites are secure and protected against potential attacks, including those that exploit the CVE-2021-24235 vulnerability in the Goto WordPress theme.