CVE-2021-24342 Scanner
CVE-2021-24342 scanner - Cross-Site Scripting (XSS) vulnerability in JNews plugin for WordPress
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
JNews is a popular WordPress theme used by bloggers and online publishers to create engaging and visually appealing websites. With its user-friendly interface and wide range of customization options, JNews allows users to create unique and interactive content that speaks to their target audience. It comes with a variety of features and options, including pre-designed templates, custom widgets, and a powerful drag-and-drop page builder, making it easy for users to design their website with minimal coding.
Recent security research has uncovered a critical vulnerability in the JNews plugin that could leave users' websites vulnerable to attack. CVE-2021-24342 is a Reflected Cross-Site Scripting (XSS) issue that occurs when the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*) is not properly sanitized. This means that an attacker can inject malicious code into the cat_id parameter, which will be executed when a user visits a specific page on the website.
If exploited, this vulnerability can lead to serious consequences for website owners, including data theft, financial loss, and reputation damage. Hackers can use the XSS vulnerability to steal sensitive information, such as login credentials, credit card numbers, and personal data, from users who visit the affected page. They can also redirect users to fake websites or install malware on their devices, causing further harm.
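As an added illustration (not code from s4e.io or from JNews), the following log-review check flags the request shape described above: a POST to /?ajax-request=jnews with an action beginning jnews_build_mega_category_ whose cat_id is not a plain number. It assumes cat_id is meant to carry a numeric WordPress category ID; the function names, action suffixes and sample requests are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Action family and parameter named on this page for CVE-2021-24342.
ACTION_PREFIX = "jnews_build_mega_category_"


def first(params, key):
    """Return the first value of a parsed parameter, or None if absent."""
    values = params.get(key)
    return values[0] if values else None


def inspect_request(method, url, body):
    """Classify one logged request as 'ignore', 'ok' or 'alert'."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if method.upper() != "POST" or first(query, "ajax-request") != "jnews":
        return "ignore"  # not the JNews AJAX endpoint
    form = parse_qs(body, keep_blank_values=True)
    if not (first(form, "action") or "").startswith(ACTION_PREFIX):
        return "ignore"  # a different AJAX action
    # Assumption: cat_id is a WordPress category ID, i.e. ASCII digits only.
    # Every copy is checked because duplicate parameters may be resolved
    # differently by a filter and by the application behind it.
    for value in form.get("cat_id", []):
        if not (value.isascii() and value.isdigit()):
            return "alert"
    return "ok"


# Constructed sample requests (method, URL, form body); not real traffic.
# The "_1"/"_2" suffixes and "some_other_action" are hypothetical.
SAMPLES = [
    ("POST", "/?ajax-request=jnews", "action=jnews_build_mega_category_1&cat_id=12"),
    ("POST", "/?ajax-request=jnews",
     "action=jnews_build_mega_category_1&cat_id=12%22%3E%3Cb%3Ex%3C%2Fb%3E"),
    ("POST", "/?ajax-request=jnews",
     "action=jnews_build_mega_category_2&cat_id=7&cat_id=%3Ci%3E"),
    ("POST", "/?ajax-request=jnews", "action=some_other_action&cat_id=%3Ci%3E"),
    ("GET", "/?s=news", ""),
]


def scan(samples):
    """Return the verdict for each (method, url, body) sample, in order."""
    return [inspect_request(*sample) for sample in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(verdict, sample[2] or sample[1])
```

The same digits-only rule is what server-side input validation for this parameter would enforce; here it is applied to recorded requests to find attempts after the fact.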
In conclusion, the JNews plugin for WordPress is a popular tool for publishers and bloggers. However, the recently discovered CVE-2021-24342 vulnerability can cause serious harm to websites if left unaddressed. By taking the necessary precautions and staying informed about web security, users can protect their digital assets from potential attacks. For those who want a quick and easy way to learn more about vulnerabilities in their digital assets, s4e.io offers pro features that provide comprehensive security audits and real-time vulnerability detection.