CVE-2021-24979 Scanner
Detects the Cross-Site Scripting (XSS) vulnerability (CVE-2021-24979) in the Paid Memberships Pro plugin for WordPress, affecting versions before 2.6.6.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Vulnerability Overview
The vulnerability stems from the plugin's failure to properly escape user inputs before incorporating them into the output within an admin page. This oversight allows for the execution of malicious scripts in the context of a logged-in user's session.
Vulnerability Details
Specifically, the issue occurs on the discount codes admin page of the Paid Memberships Pro plugin. The 's' (search) parameter is not escaped before being echoed back into the page, so an attacker who gets an administrator to open a crafted URL can have script executed in that administrator's browser (a reflected XSS). Versions 2.6.6 and later escape the value; updating the plugin addresses the issue.
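As a defender-side illustration that is not part of this page or the plugin, the following added Python example parses constructed Apache access-log lines and flags requests to the discount codes admin page whose 's' parameter carries markup or script-like content after full percent-decoding (double-encoded values included). The admin page slug "pmpro-discountcodes" is an assumption, as are the sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache "combined" log lines (not real traffic); the fourth line
# targets a different admin page and must be ignored.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=pmpro-discountcodes&s=SPRING HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:07 +0000] "GET /wp-admin/admin.php?page=pmpro-discountcodes&s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:12 +0000] "GET /wp-admin/admin.php?page=pmpro-discountcodes&s=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2022:10:01:00 +0000] "GET /wp-admin/admin.php?page=pmpro-membershiplevels&s=%3Cb%3E HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
ADMIN_PAGE = "pmpro-discountcodes"  # assumed slug of the discount codes admin page
# Tag openers, javascript: URLs and inline event handlers are enough to flag a search value.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_requests(log_text):
    """Return (client_ip, decoded_s) for discount-codes page requests whose
    's' parameter looks like markup rather than a plain search string."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        parts = urlsplit(m.group("uri"))
        if not parts.path.endswith("/wp-admin/admin.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
        if qs.get("page", [""])[0] != ADMIN_PAGE:
            continue
        for raw in qs.get("s", []):
            decoded = decode_fully(raw)
            if MARKUP_RE.search(decoded):
                hits.append((m.group("ip"), decoded))
    return hits
```

Run over the constructed sample, the second and third lines are flagged and the plain "SPRING" search and the other admin page are not.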
Possible Effects
Exploitation of this vulnerability could lead to:
- Theft of sensitive information from the admin's session.
- Unauthorized actions being performed on the website as the admin.
- Potential further attacks against the site or its users.
Why Choose S4E
S4E provides comprehensive vulnerability scanning and cybersecurity insights to protect your digital assets. By choosing us, you gain:
- Access to advanced scanning tools for timely detection of vulnerabilities like CVE-2021-24979.
- Expert recommendations for effective vulnerability management and remediation.
- Continuous monitoring and alerts to keep your systems secure against emerging threats.