S4E

CVE-2021-24275 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in the Popup by Supsystic plugin for WordPress, affecting versions before 1.10.5.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Url
Toolbox: -

The Popup by Supsystic plugin for WordPress is a tool used to create pop-up windows that appear on a website. It offers a range of customization options, including the ability to choose from various templates and create custom designs with a drag-and-drop interface. The pop-ups can be triggered by different events, such as time spent on a page or clicked links, and can be used for various purposes, such as lead generation or advertising.

A vulnerability identified as CVE-2021-24275 has been detected in this plugin. The plugin fails to sanitize the tab parameter of its options page before using it in an attribute, which can lead to a reflected cross-site scripting (XSS) attack. This means an attacker could inject malicious code into the page the website returns, which would then be executed in the browsers of unsuspecting users.
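The class of flaw described above, shown as an added example that is not the plugin's own code: a request value written into an attribute as-is, beside a hardened version that allowlists and escapes it. The function names, tab names and markup are hypothetical, and plain PHP is used so the block runs without WordPress.

```php
<?php
// Added illustration; not taken from the Popup by Supsystic source.
// Tab names, function names and markup are hypothetical.

const ALLOWED_TABS = ['main', 'settings', 'statistics'];

// Vulnerable pattern: the request value goes into the attribute unchanged.
function render_tab_unsafe(string $tab): string
{
    return '<div class="options-tab" data-tab="' . $tab . '"></div>';
}

// Hardened pattern: allowlist first, then escape for the attribute context.
// In WordPress, sanitize_key() and esc_attr() fill these two roles.
function render_tab_safe(string $tab): string
{
    if (!in_array($tab, ALLOWED_TABS, true)) {
        $tab = ALLOWED_TABS[0]; // unknown value: fall back to a known tab
    }
    $escaped = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="options-tab" data-tab="' . $escaped . '"></div>';
}

// List the attribute names a parser sees on the first <div>, to show
// whether the value stayed inside data-tab or escaped from it.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('div')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample value: a quote closes data-tab and starts a new attribute.
$sample = 'settings" data-injected="1';

echo "unsafe: ", implode(', ', attribute_names(render_tab_unsafe($sample))), "\n";
echo "safe:   ", implode(', ', attribute_names(render_tab_safe($sample))), "\n";
```

Any attribute that appears in the unsafe output beyond class and data-tab was created by the request value, which is the condition a reflected XSS in an attribute context depends on.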

If exploited, this vulnerability can have serious consequences for website owners and users alike. Attackers could use XSS attacks to steal sensitive information, such as login credentials or credit card details, or to distribute malware. They could also deface the website or shut it down entirely, causing a loss of revenue and reputation.

At s4e.io, we offer pro features that allow users to easily and quickly learn about vulnerabilities in their digital assets. With our platform, you can stay informed about the latest threats and protect your website from attackers. Don't let your website be vulnerable to XSS attacks - try s4e.io today!

 
