Security for everyone

CVE-2021-24979 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Paid Memberships Pro plugin for WordPress affects v. before 2.6.6.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-24979 Scanner Detail

Vulnerability Overview

The vulnerability stems from the plugin's failure to properly escape user inputs before incorporating them into the output within an admin page. This oversight allows for the execution of malicious scripts in the context of a logged-in user's session.

Vulnerability Details

Specifically, the issue occurs on the discount codes admin page of the Paid Memberships Pro plugin. The 's' parameter is not correctly sanitized before being echoed back, enabling attackers to inject malicious scripts that can be executed in the browser of any admin visiting the crafted URL.

Possible Effects

Exploitation of this vulnerability could lead to:

  • Theft of sensitive information from the admin's session.
  • Unauthorized actions being performed on the website as the admin.
  • Potential further attacks against the site or its users.

Why Choose SecurityForEveryone

SecurityForEveryone provides comprehensive vulnerability scanning and cybersecurity insights to protect your digital assets. By choosing us, you gain:

  • Access to advanced scanning tools for timely detection of vulnerabilities like CVE-2021-24979.
  • Expert recommendations for effective vulnerability management and remediation.
  • Continuous monitoring and alerts to keep your systems secure against emerging threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture