Security for everyone

CVE-2021-24342 Scanner

Detects a Cross-Site Scripting (XSS) vulnerability in the JNews plugin for WordPress, affecting versions before 8.0.6.


Short Info


Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2021-24342 Scanner Detail

JNews is a popular WordPress theme used by bloggers and online publishers to create engaging and visually appealing websites. With its user-friendly interface and wide range of customization options, JNews allows users to create unique and interactive content that speaks to their target audience. It comes with a variety of features and options, including pre-designed templates, custom widgets, and a powerful drag-and-drop page builder, making it easy for users to design their website with minimal coding. 

Recent security research has uncovered a critical vulnerability in the JNews plugin that could leave users' websites vulnerable to attack. CVE-2021-24342 is a Reflected Cross-Site Scripting (XSS) issue that occurs because the cat_id parameter of POST requests to /?ajax-request=jnews (with action=jnews_build_mega_category_*) is not properly sanitized. This means that an attacker can inject malicious code into the cat_id parameter, which will be executed when a user visits a specific page on the website.
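As an added example (not code from the scanner or from JNews), the following triage check flags logged requests to the affected handler whose cat_id is not a plain integer. It assumes a legitimate cat_id is a numeric WordPress term ID; the action suffix, host name and sample requests are constructed.

```python
from urllib.parse import parse_qs, urlsplit

ACTION_PREFIX = "jnews_build_mega_category_"  # action prefix named in the description

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers, body

def classify(raw):
    """Return 'not-affected', 'unparsed', 'ok' or 'suspicious' for one request."""
    method, target, headers, body = parse_request(raw)
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if method != "POST" or "jnews" not in query.get("ajax-request", []):
        return "not-affected"
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return "unparsed"  # e.g. multipart body: route to manual review
    form = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    if not any(a.startswith(ACTION_PREFIX) for a in form.get("action", [])):
        return "not-affected"
    # Assumption: a legitimate cat_id is a numeric term ID, so allow digits only.
    cat_ids = form.get("cat_id", [])
    if all(v.isascii() and v.isdigit() for v in cat_ids):
        return "ok"
    return "suspicious"

def _req(body, target="/?ajax-request=jnews", method="POST"):
    """Build a constructed sample request (not captured traffic)."""
    return (f"{method} {target} HTTP/1.1\r\nHost: blog.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

SAMPLES = {
    "numeric": _req("action=jnews_build_mega_category_1&cat_id=42"),
    "markup": _req("action=jnews_build_mega_category_1&cat_id=42%22%3E%3Ci%3Ex"),
    "other_action": _req("action=other_handler&cat_id=%3Ci%3E"),
    "get": _req("", target="/?ajax-request=jnews&cat_id=1", method="GET"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {classify(raw)}")
```

The same digits-only rule can be enforced at a reverse proxy or WAF as a stopgap until the site is updated to 8.0.6 or later.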

If exploited, this vulnerability can lead to serious consequences for website owners, including data theft, financial loss, and reputation damage. Hackers can use the XSS vulnerability to steal sensitive information, such as login credentials, credit card numbers, and personal data, from users who visit the affected page. They can also redirect users to fake websites or install malware on their devices, causing further harm.

In conclusion, the JNews plugin for WordPress is a popular tool for publishers and bloggers. However, the recently discovered CVE-2021-24342 vulnerability can cause serious harm to websites if left unaddressed. By taking the necessary precautions and staying informed about web security, users can protect their digital assets from potential attacks. For those who want a quick and easy way to learn more about vulnerabilities in their digital assets, securityforeveryone.com offers pro features that provide comprehensive security audits and real-time vulnerability detection.

 
