CVE-2021-24987 Scanner
Detects 'Cross-Site Scripting (XSS)' vulnerability in Social Share, Social Login and Social Comments Plugin for WordPress affects v. before 7.13.30.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Url
Toolbox
-
The Social Share, Social Login and Social Comments Plugin for WordPress is a powerful tool that helps website owners to enhance their social media presence. This plugin enables users to share, login, and comment via social media platforms such as Facebook, Twitter, and LinkedIn. It is extensively used by bloggers, digital marketers, and website owners to increase their reach and audience engagement. The plugin has been widely popular for its simple user interface which is easy for anyone to use.
One of the major issues detected in the Social Share, Social Login and Social Comments Plugin for WordPress is the CVE-2021-24987 vulnerability. The vulnerability has been identified in the plugin before version 7.13.30. This vulnerability occurs as the plugin does not properly sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action, which is available to both authenticated and unauthenticated users. This loophole could be exploited by attackers, who could inject malicious code in the responses and execute it in the webpage.
If this vulnerability is exploited, it could lead to severe consequences. An attacker could gain remote access to the website, spread malware, phishing attacks or even steal sensitive data such as user credentials, personal and financial information, etc. This could result in damage to both the website owner's reputation and their finances. In the worst-case scenario, it could lead to complete website shutdown, resulting in loss of business opportunities and revenue.
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
In conclusion, the Social Share, Social Login and Social Comments Plugin for WordPress is an invaluable tool for any website owner looking to enhance their social media following. However, this plugin is also vulnerable to attacks that could lead to severe consequences. To protect your website, it is essential to stay updated with the latest plugins, conduct regular website scans, backup data, and monitor website activity. Fortunately, with the pro features of s4e.io, users can quickly identify any vulnerabilities in their digital assets and take appropriate action.
REFERENCES