Limited Black Friday Offer:

WordPress Ocean Extra <1.9.5 - Cross-Site Scripting CVE-2021-25104 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

WordPress Ocean Extra <1.9.5 - Cross-Site Scripting CVE-2021-25104 Scanner Detail

The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue

https://wpscan.com/vulnerability/2ee6f1d8-3803-42f6-9193-3dd8f416b558