Security for everyone

CVE-2021-24389 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in FoodBakery, which affects versions < 2.2.


Short Info


Level: Medium

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 sec

Scan only one: Url

Parent Category

CVE-2021-24389 Scanner Detail

FoodBakery is a popular WordPress theme used by restaurant owners to showcase their businesses online. It is a complete solution for food ordering and delivery systems that allows a restaurant owner to manage their menus, receive online payments, and even manage orders and deliveries from a single dashboard. The theme also includes different design templates, allowing owners to customize their sites to match their brand's unique look and feel.

Recently, a vulnerability was discovered in the WP FoodBakery WordPress plugin, which the FoodBakery theme uses. The vulnerability is identified as CVE-2021-24389. The plugin does not properly sanitize the foodbakery_radius parameter before outputting it back in the response, which leaves the site vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) attack.

The exploitation of this vulnerability allows an attacker to send a crafted link to a website visitor, which, when clicked, leads the victim to a compromised website. The attacker can use this link to execute malicious code by injecting scripts into the visitor's browser. Since the user trusts the site, they are more likely to fall victim to the attack, leading to the potential theft of sensitive information such as login credentials, credit card details, or even personal data. 
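As an added example (not part of the original page and not the scanner's own code), the sketch below reviews web server access logs for requests whose foodbakery_radius value is not a plain number, undoing nested percent-encoding first. It assumes a radius is numeric and that logs use the combined log format; the sample lines and the /listings/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

PARAM = "foodbakery_radius"                      # parameter named in the text above
NUMERIC = re.compile(r"\d{1,5}(\.\d{1,3})?")     # assumption: a radius is a plain number
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_radius(log_line):
    """Return the decoded parameter value if it is not a plain number, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl decodes one layer; decode_fully removes any further layers.
    for key, raw in parse_qsl(query, keep_blank_values=True):
        if key == PARAM:
            value = decode_fully(raw).strip()
            if value and not NUMERIC.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (line number, decoded value) for every line worth reviewing."""
    return [(i, v) for i, line in enumerate(lines, 1)
            if (v := suspicious_radius(line)) is not None]

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2021:10:00:00 +0000] "GET /listings/?foodbakery_radius=10 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2021:10:00:03 +0000] "GET /listings/?foodbakery_radius=10%22%3E%3Ci%3Etest%3C%2Fi%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jun/2021:10:00:07 +0000] "GET /listings/?foodbakery_radius=5%2522%253E%253Cb%253E HTTP/1.1" 200 5180',
    '198.51.100.2 - - [01/Jun/2021:10:01:00 +0000] "GET /about/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric {PARAM} value {value!r}")
```

A hit means only that the parameter carried something other than a number; whether the site reflected it depends on the installed plugin version.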

If you are concerned about the vulnerabilities of your digital assets, the SecurityForEveryone.com platform can help. By monitoring your websites 24/7, SecurityForEveryone helps you identify any potential vulnerabilities in your system, ensuring that your site remains secure and hacking attempts are thwarted. Upgrade now to access their pro features, and enjoy peace of mind knowing that your site is being actively monitored.

 
