CVE-2021-39320 Scanner
CVE-2021-39320 scanner - Cross-Site Scripting (XSS) vulnerability in underConstruction plugin for WordPress
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The underConstruction plugin for WordPress is a popular tool that allows website owners to create custom landing and maintenance pages for their site visitors. This plugin is specifically designed to display informative messages to visitors when a website is in the process of maintenance or under construction. It is a useful tool for website owners who want to avoid displaying broken or unformatted pages when updates are being made to their site.
However, like all plugins, underConstruction is prone to vulnerabilities. One such vulnerability is CVE-2021-39320. The plugin echoes the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file, which lets an attacker perform a reflected Cross-Site Scripting (XSS) attack by injecting malicious code into the request path.
When exploited, this vulnerability can lead to a range of consequences, such as stealing sensitive user data, hijacking user sessions, and launching phishing attacks. It is particularly dangerous for websites that manage sensitive information, including financial institutions, healthcare providers, and e-commerce businesses.
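The raw-echo pattern described above, next to an escaped version, as an added example that is not the plugin's own code. The function names, the form markup and the sample paths are constructed for illustration.

```php
<?php
// Added illustration; not the underConstruction plugin's source code.

// Unsafe pattern: the request-derived value is written into HTML unescaped.
function form_tag_raw(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened: encode for an HTML attribute context at the point of output.
// (Inside WordPress, esc_url() or esc_attr() would do this job.)
function form_tag_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// A correctly encoded attribute leaves exactly one '<' and one '>' in the
// tag; any more means the value closed the attribute and added markup.
function breaks_out_of_attribute(string $html): bool
{
    return substr_count($html, '<') !== 1 || substr_count($html, '>') !== 1;
}

// Constructed sample values. PHP_SELF can carry extra path text that the
// client appended after the script name, so it is untrusted input.
$samples = [
    'plain path'     => '/site/options.php',
    'path with HTML' => '/site/options.php/"><script>alert(1)</script>',
];

foreach ($samples as $label => $value) {
    foreach (['form_tag_raw', 'form_tag_escaped'] as $renderer) {
        $html = $renderer($value);
        printf(
            "%-15s %-17s breaks out: %-3s %s\n",
            $label,
            $renderer,
            breaks_out_of_attribute($html) ? 'yes' : 'no',
            $html
        );
    }
}
```

Run with the PHP command-line interpreter; only the raw renderer given the path containing HTML reports a breakout.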
At s4e.io, we offer a range of security solutions that can help protect against vulnerabilities like CVE-2021-39320. Our Pro plan includes advanced features such as website scanning, vulnerability assessment, and threat detection. With s4e.io, you can ensure that your digital assets are protected against attacks and remain secure at all times. Protect your business today and sign up for our Pro plan.