CVE-2021-25099 Scanner
Detects the Cross-Site Scripting (XSS) vulnerability in the GiveWP plugin for WordPress, which affects versions before 2.17.3.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
GiveWP is a WordPress plugin designed to aid donation campaigns and fundraising efforts. This plugin is commonly used by nonprofit organizations, charities, and political campaigns to easily manage donation collections. The GiveWP plugin provides a user-friendly donation interface, which integrates seamlessly with the WordPress platform. Its features include customizable donation forms, payment gateways, and reports on donations received. However, recent security vulnerabilities have been discovered in the GiveWP plugin, specifically the CVE-2021-25099 vulnerability.
CVE-2021-25099 is a Reflected Cross-Site Scripting vulnerability in the GiveWP plugin before version 2.17.3. It arises because the form_id parameter is output unsanitized in the response to an unauthenticated request made via the give_checkout_login AJAX action. An attacker who exploits it can execute arbitrary JavaScript code in the browser of a user of the affected website. This can lead to sensitive data leakage, user account takeover, and even malware injection.
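One way a defender could flag requests matching the form_id reflection described above in captured HTTP traffic, as an added example (not code from GiveWP or from this scanner). It assumes the action is reached through WordPress's standard /wp-admin/admin-ajax.php endpoint and that a legitimate form_id is a plain decimal post ID; the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"  # standard WordPress AJAX endpoint
ACTION = "give_checkout_login"          # AJAX action named in the description

# Constructed sample requests as (URL, form-encoded body); not real traffic.
SAMPLE_REQUESTS = [
    ("/wp-admin/admin-ajax.php", "action=give_checkout_login&form_id=42"),
    ("/wp-admin/admin-ajax.php",
     "action=give_checkout_login&form_id=42%22%3E%3Cb%3Econstructed"),
    ("/wp-admin/admin-ajax.php?action=give_checkout_login&form_id=7%3Ci%3E", ""),
    ("/wp-admin/admin-ajax.php", "action=heartbeat&form_id=%3Cb%3E"),
    ("/donations/?form_id=%3Cb%3E", ""),
]


def request_params(url, body):
    """Merge query-string and form-body parameters, keeping every value."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params


def is_suspicious(url, body):
    """True when a give_checkout_login request carries a non-numeric form_id."""
    if urlsplit(url).path != AJAX_PATH:
        return False
    params = request_params(url, body)
    if ACTION not in params.get("action", []):
        return False
    # Assumption: a legitimate form_id is a plain decimal post ID, so any
    # other value (including an empty one) is worth a closer look.
    return any(not (v.isascii() and v.isdigit())
               for v in params.get("form_id", []))


def flag_requests(requests):
    """Return the indexes of the requests that should be reviewed."""
    return [i for i, (url, body) in enumerate(requests)
            if is_suspicious(url, body)]


if __name__ == "__main__":
    for i in flag_requests(SAMPLE_REQUESTS):
        print("review:", SAMPLE_REQUESTS[i])
```

The same check works as a temporary request filter in front of sites that cannot yet be updated to 2.17.3 or later.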
When the CVE-2021-25099 vulnerability is exploited, attackers can easily access sensitive information from the affected website. Credentials such as login usernames and passwords, as well as other sensitive data such as email addresses, payment information, and personal information can be obtained and used for malicious purposes. This can cause severe reputational damage to the affected organization, loss of trust from donors, and legal repercussions.
Thanks to the pro features of the s4e.io platform, anyone can quickly and easily learn about vulnerabilities in their digital assets. Our advanced security scanning tools identify vulnerabilities in website plugins and themes and provide actionable steps to mitigate the risk of cyber attacks. With 24/7 monitoring and instant alerts, our customers can have peace of mind knowing that their digital assets are secure. Stay ahead of cyber threats and protect your website effectively with s4e.io.