CVE-2021-24275 Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in the Popup by Supsystic plugin for WordPress, affecting versions before 1.10.5.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The Popup by Supsystic plugin for WordPress is a tool used to create pop-up windows that appear on a website. It offers a range of customization options, including the ability to choose from various templates and create custom designs with a drag-and-drop interface. The pop-ups can be triggered by different events, such as time spent on a page or clicked links, and can be used for various purposes, such as lead generation or advertising.
Recently, a vulnerability has been detected in this plugin, identified as CVE-2021-24275. It occurs because the plugin fails to sanitize the tab parameter of its options page before using it in an attribute, which can lead to a reflected cross-site scripting (XSS) attack. This means an attacker could inject malicious code into the website, which would then be executed by unsuspecting users who interact with the pop-up.
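The bug class described above, shown as an added example that is not the plugin's own code: a request parameter written into an attribute without escaping, next to two hardened forms. The function names, the allow-listed tab names, the markup and the sample inputs are all hypothetical or constructed for illustration.

```php
<?php
// Added illustration; NOT the Popup by Supsystic source code.
// Hypothetical names: ALLOWED_TABS, render_tab_unsafe, render_tab_escaped, render_tab_safe.

const ALLOWED_TABS = ['main', 'design', 'statistics']; // constructed tab names

// Pattern of the bug: the request value is copied into an attribute as-is,
// so a double quote in the value ends the attribute and adds new markup.
function render_tab_unsafe(array $query): string
{
    $tab = $query['tab'] ?? 'main';
    return '<div class="options-wrap" data-tab="' . $tab . '"></div>';
}

// Minimal fix: escape for the attribute context at the point of output.
// In WordPress code, esc_attr() is the usual call for this step.
function render_tab_escaped(array $query): string
{
    $tab = $query['tab'] ?? 'main';
    $tab = is_string($tab) ? $tab : 'main'; // tab[]=x arrives as an array
    $escaped = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="options-wrap" data-tab="' . $escaped . '"></div>';
}

// Stricter fix: only known tab names are accepted, and output is still escaped.
function render_tab_safe(array $query): string
{
    $tab = $query['tab'] ?? 'main';
    if (!is_string($tab) || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'main'; // unknown or non-string input falls back to the default
    }
    return render_tab_escaped(['tab' => $tab]);
}

// Constructed inputs: an expected value, and one containing a double quote
// that adds a harmless extra attribute when the output is not escaped.
$samples = [
    ['tab' => 'design'],
    ['tab' => 'x" data-injected="1'],
];
foreach ($samples as $query) {
    echo 'input:   ', json_encode($query), PHP_EOL;
    echo 'unsafe:  ', render_tab_unsafe($query), PHP_EOL;
    echo 'escaped: ', render_tab_escaped($query), PHP_EOL;
    echo 'safe:    ', render_tab_safe($query), PHP_EOL, PHP_EOL;
}
```

For the second input, the unsafe output contains a second attribute, the escaped output carries the quote as `&quot;` inside a single attribute value, and the allow-listed output falls back to `main`.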
If exploited, this vulnerability can have serious consequences for website owners and users alike. Attackers could use XSS attacks to steal sensitive information, such as login credentials or credit card details, or to distribute malware. They could also deface the website or shut it down entirely, causing a loss of revenue and reputation.
At s4e.io, we offer pro features that allow users to easily and quickly learn about vulnerabilities in their digital assets. With our platform, you can stay informed about the latest threats and protect your website from attackers. Don't let your website be vulnerable to XSS attacks - try s4e.io today!