CVE-2021-36873 Scanner
Detects 'Cross-Site Scripting (XSS)' vulnerability in iQ Block Country plugin for WordPress affects v. 1.2.11 and before.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
29 days
Scan only one
Domain, IPv4
Toolbox
-
The iQ Block Country plugin is a well-known WordPress plugin that is used to block unwanted traffic or visitors originating from specific countries. By blocking these IP addresses, website owners can effectively reduce the number of spam comments, brute force attacks, and other malicious activities that might harm their website. This plugin is widely popular amongst WordPress users who want to secure their websites against unwanted traffic from specific geographic locations.
However, recently, a new vulnerability has been detected in the iQ Block Country plugin, which raises serious concerns for website owners. The CVE-2021-36873 vulnerability is a persistent cross-site scripting (XSS) issue present in the plugin's versions up to and including 1.2.11. The vulnerability lies within the 'blockcountry_blockmessage' parameter, which is used to display messages to visitors from the blocked countries.
If exploited, the CVE-2021-36873 vulnerability can lead to serious security issues such as data theft, website defacement, and even complete loss of control over the website. Through this vulnerability, an attacker can inject malicious code into the website, which can then be executed when the user visits the site. This can allow the attacker to gain unauthorized access to sensitive data or even take full control of the website.
At s4e.io, we offer a comprehensive platform that can help website owners identify and address potential vulnerabilities in their digital assets. By utilizing our pro features, website owners can easily and quickly learn about vulnerabilities in their website and take necessary actions to mitigate the risks. With our platform, website owners can rest assured that their digital assets are secure and protected against potential threats. So, take the step towards securing your website today and sign up for our pro features at s4e.io!
REFERENCES