Security for everyone

CVE-2021-39320 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in underConstruction plugin for WordPress affects v. 1.18 and before.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




The underConstruction plugin for WordPress is a popular tool that allows website owners to create custom landing and maintenance pages for their site visitors. This plugin is specifically designed to display informative messages to visitors when a website is in the process of maintenance or under construction. It is a useful tool for website owners who want to avoid displaying broken or unformatted pages when updates are being made to their site.

However, like all plugins, underConstruction is prone to vulnerabilities. One such vulnerability is CVE-2021-39320. This vulnerability is caused by the plugin echoing out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. This makes it possible for attackers to use it to perform a reflected Cross-Site Scripting (XSS) attack by injecting malicious code in the request path.

When exploited, this vulnerability can lead to a range of consequences, such as stealing sensitive user data, hijacking user sessions, and launching phishing attacks. It is particularly dangerous for websites that manage sensitive information, including financial institutions, healthcare providers, and e-commerce businesses.

At, we offer a range of security solutions that can help protect against vulnerabilities like CVE-2021-39320. Our Pro plan includes advanced features such as website scanning, vulnerability assessment, and threat detection. With, you can ensure that your digital assets are protected against attacks and remain secure at all times. Protect your business today and sign up for our Pro plan.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture