CVE-2017-18537 Scanner

Introduction

The Visitors Online plugin for WordPress has become a popular web-based tool for website owners and administrators worldwide. Its main purpose is to track and display the number of online users visiting a WordPress website in real-time. The plugin is used to provide website owners with accurate data on their site's traffic, helping them understand user behavior, and optimize their online presence.

Vulnerability Overview

Unfortunately, the plugin has been found to have a security flaw identified by the CVE code, CVE-2017-18537. This vulnerability falls under the category of Cross-Site Scripting (XSS). If successfully exploited, attackers can perform various malicious activities like stealing sensitive information, hijacking user sessions, or executing unauthorized actions on behalf of legitimate users. The vulnerability poses a significant risk to the security and privacy of both website owners and their visitors who rely on the Visitors Online plugin in their WordPress websites.

Vulnerability Details

The security issue exists in the Visitors Online plugin versions before 1.0.0. The vulnerability arises from multiple instances of XSS in the plugin, which occurs due to inadequate sanitization of user-supplied input. This makes it possible for an attacker to inject malicious scripts into webpages that get executed within the context of the user's browser. Examples of exploitation include:

• Stealing session cookies or authentication credentials
• Redirecting users to deceptive or malicious websites
• Embedding exploit payloads to compromise user systems