Security for everyone

CVE-2021-25099 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in the GiveWP plugin for WordPress, which affects versions before 2.17.3.


Short Info


Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2021-25099 Scanner Detail

GiveWP is a WordPress plugin designed to aid donation campaigns and fundraising efforts. This plugin is commonly used by nonprofit organizations, charities, and political campaigns to easily manage donation collections. The GiveWP plugin provides a user-friendly donation interface, which integrates seamlessly with the WordPress platform. Its features include customizable donation forms, payment gateways, and reports on donations received. However, recent security vulnerabilities have been discovered in the GiveWP plugin, specifically the CVE-2021-25099 vulnerability. 

CVE-2021-25099 is a reflected Cross-Site Scripting vulnerability in the GiveWP plugin before version 2.17.3. It arises because the form_id parameter is output unsanitized in the response to an unauthenticated request made via the give_checkout_login AJAX action. An attacker who exploits it can therefore execute arbitrary JavaScript in the browser of a user of the affected website. This can lead to sensitive data leakage, user account takeover, and even malware injection.

When the CVE-2021-25099 vulnerability is exploited, attackers can easily access sensitive information from the affected website. Credentials such as login usernames and passwords, as well as other sensitive data such as email addresses, payment information, and personal information can be obtained and used for malicious purposes. This can cause severe reputational damage to the affected organization, loss of trust from donors, and legal repercussions.
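For site owners who want to check their own web server logs for signs of this issue, the following added example (not part of the scanner or of GiveWP) flags requests to the give_checkout_login AJAX action whose form_id is not a plain integer. It assumes combined-format access logs, that form IDs are numeric WordPress post IDs, and that the parameters appear in the query string; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=give_checkout_login&form_id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=give_checkout_login&form_id=42%22%3E%3Cb%3Ex HTTP/1.1" 200 530 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Jan/2022:10:01:13 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&form_id=abc HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2022:10:02:40 +0000] "GET /donate/?form_id=7 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*"'
)
# Assumption: a legitimate form_id is an ASCII integer (a WordPress post ID).
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return give_checkout_login requests whose form_id is not an integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # admin-ajax.php is the standard WordPress AJAX endpoint.
        if not url.path.endswith("/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes
        if "give_checkout_login" not in params.get("action", []):
            continue
        for value in params.get("form_id", []):
            if not NUMERIC_ID.fullmatch(value):
                findings.append(
                    {"ip": m.group("ip"), "time": m.group("ts"), "form_id": value}
                )
    return findings


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} form_id={hit["form_id"]!r}')
```

Parameters sent in a POST body do not appear in standard access logs, so this check covers only query-string requests; upgrading GiveWP to 2.17.3 or later remains the fix.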

Thanks to the pro features of the securityforeveryone.com platform, anyone can quickly and easily learn about vulnerabilities in their digital assets. Our advanced security scanning tools identify vulnerabilities in website plugins and themes and provide actionable steps to mitigate the risk of cyber attacks. With 24/7 monitoring and instant alerts, our customers can have peace of mind knowing that their digital assets are secure. Stay ahead of cyber threats and protect your website effectively with securityforeveryone.com.

 
