Security for everyone

CVE-2021-24276 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in Contact Form by Supsystic, affecting versions before 1.7.15.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url

Parent Category

CVE-2021-24276 Scanner Detail

The Contact Form by Supsystic is a WordPress plugin designed to create customizable contact forms for websites. This tool helps website owners to create and publish forms easily. With this plugin, users can set up a contact form with minimal knowledge of coding. Contact Form by Supsystic offers custom fields, allowing users to create forms that meet their specific needs, making it an effective tool for both personal and professional websites.

The CVE-2021-24276 vulnerability is a reflected Cross-Site Scripting (XSS) issue detected in Contact Form by Supsystic before version 1.7.15. As the plugin did not sanitize the tab parameter of its options page, an attacker could inject malicious code into the tab parameter, which would then be executed in the user's browser upon visiting the page. This vulnerability could be exploited by an attacker to steal sensitive user information such as cookies, session tokens, and personal details.
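The pattern described above, shown as an added example that is not the plugin's code: a `tab` query value reflected into an HTML attribute, next to a hardened version that allow-lists the value and escapes it for the attribute context. The function names, tab names and markup are hypothetical; in WordPress code the equivalent helpers are `sanitize_key()` and `esc_attr()`.

```php
<?php
// Added illustration; function names, tab names and markup are hypothetical.

const ALLOWED_TABS = ['overview', 'forms', 'settings']; // assumed tab names

// Vulnerable pattern: the raw query value is concatenated into an attribute.
function render_tab_vulnerable(array $query): string
{
    $tab = $query['tab'] ?? 'overview';
    return '<div class="options-tab" data-tab="' . $tab . '"></div>';
}

// Hardened pattern: accept only known tab names, then escape on output.
function render_tab_hardened(array $query): string
{
    $tab = $query['tab'] ?? 'overview';
    // Non-string input (e.g. ?tab[]=x) and unknown names fall back to the default.
    if (!is_string($tab) || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'overview';
    }
    // Escaping is kept even after the allow-list so that a later change to
    // the list cannot reintroduce the injection.
    $safe = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="options-tab" data-tab="' . $safe . '"></div>';
}

// Constructed inputs: a legitimate tab and a value that closes the attribute.
$samples = [
    ['tab' => 'settings'],
    ['tab' => '"><script>alert(1)</script>'],
];

foreach ($samples as $query) {
    echo 'input:      ', $query['tab'], PHP_EOL;
    echo 'vulnerable: ', render_tab_vulnerable($query), PHP_EOL;
    echo 'hardened:   ', render_tab_hardened($query), PHP_EOL, PHP_EOL;
}

// The array form is handled by the is_string() check in the hardened path.
echo 'array form: ', render_tab_hardened(['tab' => ['x']]), PHP_EOL;
```

For the second sample the vulnerable function emits the markup unchanged, so the browser parses it as a new element, while the hardened function renders the default `overview` tab.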

When exploited, the CVE-2021-24276 vulnerability could allow an attacker to bypass the security protocols of websites where the plugin is installed. Given the vast amount of sensitive data that passes through contact forms, an attacker could easily gain access to confidential information that can be used to carry out malicious activities such as identity theft, financial fraud, and other criminal activities. Once this vulnerability is exploited, it can be challenging to detect and mitigate the damage caused.

By using the pro features of Security for Everyone, you can easily and quickly learn about vulnerabilities affecting your digital assets. The platform offers comprehensive solutions such as website monitoring, vulnerability scanning, penetration testing, and cyber intelligence, which can help identify risks and safeguard your online presence. Take the necessary steps to protect your website and ensure your sensitive information remains secure.

 
