S4E

CVE-2021-24987 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in the Social Share, Social Login and Social Comments Plugin for WordPress, affecting versions before 7.13.30.


Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

4 weeks

Scan only one

Url

Toolbox

-

The Social Share, Social Login and Social Comments Plugin for WordPress is a powerful tool that helps website owners to enhance their social media presence. This plugin enables users to share, login, and comment via social media platforms such as Facebook, Twitter, and LinkedIn. It is extensively used by bloggers, digital marketers, and website owners to increase their reach and audience engagement. The plugin has been widely popular for its simple user interface which is easy for anyone to use.

One of the major issues detected in the Social Share, Social Login and Social Comments Plugin for WordPress is the CVE-2021-24987 vulnerability, which affects the plugin in versions before 7.13.30. The vulnerability occurs because the plugin does not properly sanitise and escape the urls parameter of its the_champ_sharing_count AJAX action, which is available to both authenticated and unauthenticated users. Because the parameter value is reflected unescaped into the response, an attacker could inject script into that response and have it execute in a victim's browser in the context of the site.

If this vulnerability is exploited, it could lead to severe consequences. An attacker could gain remote access to the website, spread malware, launch phishing attacks, or steal sensitive data such as user credentials and personal or financial information. This could damage both the website owner's reputation and their finances. In the worst case, it could lead to a complete website shutdown, resulting in lost business opportunities and revenue.

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
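The description above says the only parameter involved is urls, which legitimate callers fill with one or more page URLs. That gives a defender a simple review rule for web server access logs: any request to the the_champ_sharing_count action whose urls value, once decoded, is not a plain http(s) URL list deserves a closer look. The following script is an added example written for this page, not code from s4e.io or from the plugin; the log lines are constructed, the combined-log regex is an assumption about the server's log format, and the admin-ajax.php path is the standard WordPress AJAX endpoint.

```python
"""Flag requests to the the_champ_sharing_count AJAX action whose `urls`
parameter does not look like a list of URLs (added example; constructed
sample data; assumes Apache/Nginx combined log format)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines: one benign sharing-count request, one carrying
# HTML markup in `urls`, one unrelated AJAX action, one with a javascript: value.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Oct/2021:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls=https%3A%2F%2Fexample.com%2Fpost-1 HTTP/1.1" 200 123 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Oct/2021:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls=https%3A%2F%2Fexample.com%2F%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 456 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Oct/2021:10:02:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 78 "-" "Mozilla/5.0"
203.0.113.13 - - [12/Oct/2021:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls=javascript%3Aalert(1) HTTP/1.1" 200 99 "-" "Mozilla/5.0"
"""

# Combined log format: client, timestamp, request line, status (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ACTION = "the_champ_sharing_count"
# Characters and schemes that never belong in a list of share URLs.
UNSAFE = re.compile(r"""[<>"']|javascript:|data:""", re.IGNORECASE)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def unsafe_urls_values(target):
    """Return the decoded `urls` entries of a sharing-count request that are
    not plausible http(s) URLs. Non-matching requests yield an empty list."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin-ajax.php"):
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    if ACTION not in qs.get("action", []):
        return []
    hits = []
    for raw in qs.get("urls", []):
        # parse_qs decoded once; decode again so double-encoded input is seen.
        decoded = unquote(raw)
        for candidate in decoded.split(","):
            candidate = candidate.strip()
            if UNSAFE.search(candidate) or not candidate.lower().startswith(
                ("http://", "https://")
            ):
                hits.append(candidate)
    return hits


def flag_requests(log_text):
    """Scan a block of log text and return one finding per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = unsafe_urls_values(rec["target"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "values": hits})
    return findings


if __name__ == "__main__":
    for f in flag_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} suspicious urls value(s): {f['values']}")
```

Two caveats worth keeping in mind: access logs only record the query string, so the same parameter sent in a POST body will not be visible here (a WAF or application-level log is needed for that), and the check flags anything that is not a plain URL rather than matching known payloads, so review the hits rather than treating each as a confirmed attack. The fix itself remains updating the plugin to 7.13.30 or later.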

In conclusion, the Social Share, Social Login and Social Comments Plugin for WordPress is an invaluable tool for any website owner looking to grow their social media following. However, this plugin is also vulnerable to attacks that could lead to severe consequences. To protect your website, it is essential to keep plugins updated to the latest version, conduct regular website scans, back up data, and monitor website activity. Fortunately, with the pro features of s4e.io, users can quickly identify vulnerabilities in their digital assets and take appropriate action.
