Security for everyone

CVE-2021-24979 Scanner

Detects the Cross-Site Scripting (XSS) vulnerability in the Paid Memberships Pro plugin for WordPress, affecting versions before 2.6.6.


Short Info

Level: Medium
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

Vulnerability Overview

The vulnerability stems from the plugin's failure to properly escape user inputs before incorporating them into the output within an admin page. This oversight allows for the execution of malicious scripts in the context of a logged-in user's session.

Vulnerability Details

Specifically, the issue occurs on the discount codes admin page of the Paid Memberships Pro plugin. The 's' parameter is not correctly sanitized before being echoed back, enabling attackers to inject malicious scripts that can be executed in the browser of any admin visiting the crafted URL.
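
The reflected-output pattern described above, as an added illustration that is not the plugin's own code: a hypothetical WordPress admin page that writes the 's' search parameter into its markup, first unescaped, then hardened with the WordPress sanitizing and escaping API (sanitize_text_field, wp_unslash, esc_attr, esc_html), choosing the escaping function by output context.

```php
<?php
// Added illustration (hypothetical function names, not Paid Memberships Pro
// code): how an unescaped search parameter becomes reflected XSS on an admin
// page, and the hardened form using WordPress core helpers.

// --- Vulnerable pattern: raw request value written straight into markup -----
function hypothetical_discount_codes_search_vulnerable() {
    $s = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : '';
    // Two unescaped sinks: an attribute context and a text context. Whatever
    // is in ?s=... lands in the admin's page exactly as sent.
    echo '<input type="text" name="s" value="' . $s . '" />';
    echo '<p>Search results for: ' . $s . '</p>';
}

// --- Hardened pattern: sanitize on input, escape per output context ---------
function hypothetical_discount_codes_search_hardened() {
    // wp_unslash() undoes the slashes WordPress adds to request data;
    // sanitize_text_field() strips tags, control characters and extra whitespace.
    $s = isset( $_REQUEST['s'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['s'] ) )
        : '';
    // Escaping is decided by where the value lands: esc_attr() inside an
    // HTML attribute, esc_html() in element text. Sanitizing alone is not a
    // substitute, because the two contexts need different encodings.
    echo '<input type="text" name="s" value="' . esc_attr( $s ) . '" />';
    echo '<p>Search results for: ' . esc_html( $s ) . '</p>';
}
```

Reviewing a plugin for this class of bug means locating every place a request value reaches `echo` or a template and confirming an `esc_*` call sits between them; sanitizing at intake alone does not close the attribute sink.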

Possible Effects

Exploitation of this vulnerability could lead to:

  • Theft of sensitive information from the admin's session.
  • Unauthorized actions being performed on the website as the admin.
  • Potential further attacks against the site or its users.

Why Choose SecurityForEveryone

SecurityForEveryone provides comprehensive vulnerability scanning and cybersecurity insights to protect your digital assets. By choosing us, you gain:

  • Access to advanced scanning tools for timely detection of vulnerabilities like CVE-2021-24979.
  • Expert recommendations for effective vulnerability management and remediation.
  • Continuous monitoring and alerts to keep your systems secure against emerging threats.
