CVE-2021-24495 Scanner
Detects the 'Cross-Site Scripting (XSS)' vulnerability in the Marmoset Viewer plugin for WordPress, which affects versions before 1.9.3.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The Marmoset Viewer is a plugin for WordPress used for displaying interactive 3D models on websites. It provides an easy way of showcasing product designs, architectural plans, or even detailed scientific models. The plugin is widely used in the design and tech industry, making it an incredibly useful tool for many businesses.
Recently, a vulnerability has been detected in the Marmoset Viewer plugin for WordPress. The CVE-2021-24495 vulnerability stems from the plugin's failure to sanitize, validate or escape the 'id' parameter before outputting it on the page, leading to a reflected Cross-Site Scripting issue. This means that attackers can execute malicious scripts in a user's browser, leading to the theft of sensitive information such as passwords or even financial details.
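The flaw class described above, shown as an added example that is not the plugin's own code: a request parameter written to the page as-is, next to a version that validates and then escapes it. The function names, the markup and the assumption that 'id' is numeric are hypothetical.

```php
<?php
// Added illustration, not the Marmoset Viewer source. The markup and the
// numeric-only shape of "id" are assumptions made for this example.

// Vulnerable pattern: the request value reaches the page unchanged.
function render_viewer_unsafe(array $query): string
{
    $id = (string) ($query['id'] ?? '');
    return '<div class="viewer" data-model="' . $id . '"></div>';
}

// Hardened pattern: validate against the expected shape first, then
// escape for the output context (here, a double-quoted HTML attribute).
function render_viewer_safe(array $query): string
{
    $id = $query['id'] ?? '';
    if (!is_string($id) || preg_match('/\A[0-9]{1,10}\z/', $id) !== 1) {
        return '<div class="viewer-error">Invalid model id</div>';
    }
    // In WordPress code, esc_attr() is the usual helper for this context.
    $escaped = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="viewer" data-model="' . $escaped . '"></div>';
}

// Constructed sample inputs: one well-formed id, one carrying markup.
$samples = [
    ['id' => '42'],
    ['id' => '7"><b>injected</b>'],
];

foreach ($samples as $query) {
    echo 'input : ', $query['id'], PHP_EOL;
    echo 'unsafe: ', render_viewer_unsafe($query), PHP_EOL;
    echo 'safe  : ', render_viewer_safe($query), PHP_EOL, PHP_EOL;
}
```

For the second sample the unsafe renderer lets the value close the attribute and add its own element, while the safe renderer rejects it at validation. Escaping is kept after validation so the output stays safe if the validation rule is later relaxed.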
When exploited, the CVE-2021-24495 vulnerability can be quickly escalated and lead to irrevocable damage to businesses and organizations. Attackers can gain unauthorized access to the site, causing significant problems such as data breaches, website defacement, and even service disruptions. This puts both the business and its customers at considerable risk.
In conclusion, vulnerabilities such as CVE-2021-24495 can lead to catastrophic results if not addressed. It's essential to take precautionary measures such as those outlined above, to reduce the risk of such an attack. Businesses can make use of s4e.io's pro features to learn and stay up to date about the vulnerabilities present in their digital assets. With proper measures in place, businesses can significantly reduce the risk of attacks and protect their assets, customers, and reputation.