
ALERT: 150 XSS AUG 2021 – Cross-Site Scripting AUG 2021 Blast


XSS AUG 2021 – Cross-Site Scripting AUG 2021

Tailored WordPress Security Report

Be informed about the latest Cross-Site Scripting AUG 2021, identified and reported publicly. As these XSS AUG 2021 vulnerabilities have a severe negative impact on any WordPress Security, consider our FREE security AUDIT.

An estimated, jaw-dropping 2,596,000+ active WordPress installations were susceptible to these attack types, counting only the publicly disclosed and available numbers. The estimate can rise by a further 20-25% once premium versions are included, as those are private purchases and are not counted in public statistics.

Furthermore, the initial estimate can triple if we consider (1) versions that have already been patched BUT NOT UPDATED by their owners, so the vulnerability remains active on their domains; and (2) closed ("uncounted") plugin versions that remain active on domains already running them, with nobody maintaining their security. As these owners change hosting provider (because of constant unexplained issues), they migrate these vulnerabilities behind new / protected areas, possibly exposing other clean WordPress sites to different attack types.

That is a mind-boggling 1264% increase compared to December 2020. We compare last month against the previous winter holiday season, which carries the biggest shopping traffic and the largest attack spike of the year. Read more about our previous reports here: ALERT: 77 XSS JUL 2021 – Cross-Site Scripting JUL 2021 Blast and 11 XSS – Cross-Site Scripting – WordPress Security DEC. The following cases made headlines PUBLICLY just last month in the XSS AUG 2021 category:

Hire security geeks to protect your WP from publicly reported cases of XSS AUG 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

  • Simple Banner – Authenticated Stored XSS
    • This plugin makes it easy to display a simple announcement banner or bar at the top of your website. You can easily customize the color of the links, text, and background of the bar from within the settings. You can also customize to your heart’s desire by adding your own custom CSS. There’s also a fancy preview section within the settings so you can see your changes before you save them. Active installations: 40,000+

  • HD Quiz – Authenticated Stored XSS
    • HD Quiz is a very easy to use plugin to create an unlimited amount of quizzes and embed them onto any page or post. HD Quiz is equally perfect for building strong professional based questionnaires or fun Buzzfeed style quizzes. Active installations: 7,000+

  • WPFront Scroll Top – Authenticated Stored XSS
    • WPFront Scroll Top plugin allows the visitor to easily scroll back to the top of the page, with fully customizable options and image. WPFront Scroll Top plugin has the following features. Active installations: 100,000+

  • Sitewide Notice WP – Authenticated Stored XSS
    • Simply add a small message bar to the bottom of each page of your website to display notice messages such as sales, notices and any text messages. A lightweight plugin that simply adds a small notification bar that allows you to insert simple text at the bottom of every page of your website as a call-to-action. Active installations: 5,000+

  • ShareThis Dashboard for Google Analytics – Reflected Cross-Site Scripting (XSS)
    • Monitor, analyze, and measure visitor engagement for your site directly from your WordPress dashboard with our Google Analytics plugin. With our Google Analytics dashboard, you’ll be able to conveniently access Google Analytics reports in the same interface you already use every day to write and manage your posts. Active installations: 200,000+

  • Site Reviews – Authenticated Stored XSS
    • Site Reviews allows your visitors to submit reviews with a 1-5 star rating on your website, similar to the way you would on TripAdvisor or Yelp. The plugin provides blocks, shortcodes, and widgets, along with full documentation. Active installations: 30,000+

  • AddToAny Share Buttons – Authenticated Stored XSS
    • The AddToAny Share Buttons plugin for WordPress increases traffic & engagement by helping people share your posts and pages to any service. Services include Facebook, Twitter, Pinterest, WhatsApp, LinkedIn, Tumblr, Reddit, WeChat, and over 100 more sharing and social media sites & apps. Active installations: 500,000+

  • Daily Prayer Time – Authenticated Stored XSS
    • Alhamdulillah, you can display yearly and monthly prayer times with an AJAX month selector using the shortcode [timetable]. Daily prayer time can be displayed vertically or horizontally in your preferred widget area. Designed for any mosque or Islamic institute. Active installations: 1,000+

  • Smash Balloon Social Post Feed – Unauthenticated Stored XSS
    • Display Facebook posts on your WordPress site. Completely customizable, responsive, search engine crawlable, and GDPR compliant Facebook feeds. Display unlimited Facebook feeds from your Facebook page or Facebook Group, and completely match the look and feel of your site with tons of customization options! Automatically powers any Facebook oEmbeds on your site. Active installations: 200,000+

  • WordPress Advanced Ticket System, Elite Support Helpdesk – Authenticated Stored Cross-Site Scripting (XSS)
    • This WordPress plugin adds the features of a complete support ticket system to WordPress. It allows users to submit tickets to report problems or get support on whatever you want, directly through your WordPress website. Users can set the status, priority, product and type of each ticket submitted to this WordPress support plugin. WATS is the perfect WordPress plugin for support plus advanced issue management. Active installations: 500+

  • ThinkTwit – Authenticated Stored Cross-Site Scripting (XSS)
    • ThinkTwit is a highly customisable plugin that can output tweets from multiple users (something that very few other plugins can do successfully), #hashtag or keyword. It uses the Twitter Search JSON API v1.1 to access tweets which can be cached. It is very simple, yet flexible and easily customised. It can be placed on your WordPress page simply through drag and drop on the Widgets interface or through the use of Shortcode or Output Anywhere (PHP function call). Supports i18n! Active installations: 100+

  • WordPress Slider Block Gutenslider – Contributor+ Stored XSS
    • Gutenslider is an image slider and video slider plugin for WordPress that adds a simple to use Gutenberg slider block to your WordPress editor. You do not need other editors but can manage everything directly in the Gutenberg editor you already know and love. You can add any content on top that you want! Gutenslider is faster and slicker than any other slider around. Go and try it out yourself and make use of a content slider, image slider and video slider that will increase user engagement on your website and allow you to create your sliders in seconds not in minutes, by using the Gutenberg backend editor you know already. No need to study complicated backend editors. Gutenslider is the best match for you and your customers. Active installations: 10,000+

  • Alojapro Widget – Authenticated Stored Cross-Site Scripting(XSS)
    • Basic search box with check-in and check-out dates to run a search on the Alojapro booking engine. It also allows setting an email and/or a discount code. The iframe functionality allows the user to integrate the booking search results into any page. Active installations: 10+

  • Post Index – CSRF to Stored XSS
    • This plugin has been closed as of July 20, 2022 and is not available for download. This closure is temporary, pending a full review.

  • Admin Custom Login – CSRF to Stored XSS
    • The Admin Custom Login plugin gives you the ability to customize your WordPress admin login page as you like. Create a unique login design or admin login design with the Admin Custom Login plugin; almost every element on the login page is customizable with it. Design beautiful and eye-catching login page styles in a few minutes. Active installations: 50,000+

  • Slider Hero with Animation, Video Background & Intro Maker – CSRF to Stored XSS
    • Slider Hero is a futuristic, responsive header Hero Slider plugin and Dynamic Website Intro Advert maker with YouTube video background and animated background effects for hero banners, hero sliders and landing pages. Create awesome animation sliders and animated headers with text carousel and Call to Action buttons from the Gutenberg Slider Block & Elementor Slider Widget. Use a YouTube video background or combine animation effects and YouTube video. Active installations: 4,000+

  • WP SMS – Authenticated Stored Cross-Site Scripting
    • With WP SMS you can add SMS sending to your WordPress product, so you can send SMS to your newsletter subscribers or your users and draw their attention to your site and products. Active installations: 8,000+

  • Poll Maker – Reflected Cross-Site Scripting
    • The Poll Maker plugin is developed to build awesome polls and conduct interactive elections super easily and quickly. Our WordPress polling plugin gives you impressive tools to create powerful and simple polls. You have 5 poll types to choose from, advanced settings, dozens of style options including 7 pre-built themes, and many more features a professional poll builder could wish for. Looking for the best poll plugin for WordPress with which you can create a poll in minutes? You are in the right place! Active installations: 2,000+

  • SpeakOut! Email Petitions – Reflected Cross-Site Scripting
    • SpeakOut! Email Petitions allows you to easily create petition forms on your site. When visitors to your site submit the petition form, a copy of your message will be sent to the email address you specified e.g. your mayor. They can also choose to have the email BCC’d to themselves (default). The petition message will be signed with the contact information provided by the form submitter. After signing the petition, visitors will have the option of sharing your petition page with their followers on Facebook or Twitter. Active installations: 5,000+

  • Tutor LMS – eLearning and online course solution – Reflected Cross-Site Scripting
    • Tutor is a complete, feature-packed and robust WordPress LMS plugin to create & sell courses online easily. All the features of this learning management system hit all the checkpoints for a full-fledged online course marketplace. You can create challenging and fun quizzes, interactive lessons, and powerful reports and stats, making Tutor potentially the best free WordPress LMS plugin. Manage, administer and monetize your education, online school, and online courses without having to write a single line of code. Active installations: 30,000+

  • Two Factor Authentication – Reflected Cross-Site Scripting
    • A simple, lightweight and highly secure Two-Factor Authentication (2FA/TFA) for your WordPress site. This plugin adds an additional layer of authentication to your WordPress login after entering the correct username and password. It protects your website from hacks and unauthorized login attempts. Active installations: 700+

  • FV Flowplayer Video Player – Reflected Cross-Site Scripting
    • Custom HTML 5 video on your own site with Flash fallback for legacy browsers is here. FV Player is a free, easy-to-use, and complete solution for embedding FLV or MP4 videos into your posts or pages. With MP4 videos, FV Player offers 98% coverage even on mobile devices. Active installations: 40,000+

  • Software License Manager – Reflected Cross-Site Scripting
    • Software license management solution for your web applications (WordPress plugins, Themes, PHP based membership script etc.) This plugin is very useful for creating a license server and doing the following via API Active installations: 1,000+

  • Moova for WooCommerce – Reflected Cross-Site Scripting
    • Integrate with Moova to get same-day shipping at affordable rates. This extension allows clients from Uruguay, Argentina, Mexico, Chile, Peru, Guatemala, and Panama to automate their shipping. Active installations: 90+

  • Skaut bazar – Reflected Cross-Site Scripting
    • Implementation of a simple bazaar (classifieds) with the option of online reservation via email. After activation, the plugin is inserted on any page using the shortcode: [skautbazar]. The plugin also supports MultiSite, so you can have a different bazaar on each site, with its own settings and everything that goes with it. The settings offer default values, i.e. first name, surname, email and telephone. Everything except the telephone is required. When creating a new advert, the required fields are marked with an asterisk. Active installations: 90+

  • CBX Bookmark & Favorite – Reflected Cross-Site Scripting
    • This plugin is inspired by YouTube’s bookmark or favorite feature. Users can create their own bookmark categories, public or private, and save articles in different folders/lists/categories. Later we extended the plugin so that categories can be created globally by the admin, or articles can be bookmarked with a single click without any category, as pro features. There are lots of practical uses for this simple but useful (we like to call it ‘powerful’) plugin. It can help you create a bookmark site or a user-generated list site. Active installations: 1,000+

  • Afterpay Gateway for WooCommerce – Reflected Cross-Site Scripting
    • Give your customers the option to buy now and pay later with Afterpay. The “Afterpay Gateway for WooCommerce” plugin provides the option to choose Afterpay as the payment method at the checkout. It also provides the functionality to display the Afterpay logo and instalment calculations below product prices on category pages, individual product pages, and on the cart page. For each payment that is approved by Afterpay, an order will be created inside the WooCommerce system like any other order. Automatic refunds are also supported. Active installations: 10,000+

  • Auto Amazon Links – Amazon Associates Affiliate Plugin – Reflected Cross-Site Scripting
    • Still manually searching for products and pasting Amazon affiliate links into WordPress posts? What happens if the products get outdated? With this plugin, you do not have to worry about that or bother with such repetitive tasks. Just pick the categories which suit your site and it will automatically display links to decent products just coming out on Amazon today. Active installations: 10,000+

  • SEOPress, on-site SEO – Authenticated Stored Cross-Site Scripting
    • SEOPress is a powerful WordPress SEO plugin to optimize your SEO, boost your traffic, improve social sharing, build custom HTML and XML Sitemaps, create optimized breadcrumbs, add schemas / Google Structured data types, manage 301 redirections and so much more. Active installations: 100,000+

  • 博客社交分享组件 – Subscriber+ Stored Cross-Site Scripting
    • 博客社交分享组件 is a plugin that integrates site tipping (donations), article likes, micro-posters and social sharing of articles. It gives readers like, micro-poster and social sharing functions, encourages visitor interaction and boosts the spread of WordPress blog posts; at the same time it lets visitors tip (donate to) the site owner via a QR code, to encourage the owner to keep creating content. Active installations: 1,000+

  • Shopping Cart & eCommerce Store – CSRF to Stored Cross-Site Scripting
    • WP EasyCart is a powerful FREE WordPress eCommerce store & WordPress Shopping Cart plugin that installs into new or existing websites. Get a fast WordPress eCommerce shopping cart store within minutes! Sell retail products, subscriptions, digital downloadable goods, gift cards, donations, services and more! Active installations: 6,000+

Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your XSS AUG 2021 issues.

BRIEF: Cross-Site Scripting AUG 2021 is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.


What is Cross-Site Scripting AUG 2021?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

What is the impact of an XSS AUG 2021 attack?

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

– In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal. Nothing else to steal.
– In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
– If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.

What kinds of XSS attacks are exploited?

– Reflected XSS, where the malicious script comes from the current HTTP request.
– Stored XSS, where the malicious script comes from the website’s database.
– DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
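The "Authenticated Stored XSS" and "CSRF to Stored XSS" entries above come down to the same plugin pattern: a settings page stores whatever an admin form submits and echoes it back to every visitor. As an added illustration (not code from any plugin listed here, nor from WordPress itself), the following settings handler shows that pattern beside a hardened version built on WordPress's own nonce, capability, sanitisation and escaping functions; it assumes it runs inside WordPress, and the option name and function names are hypothetical.

```php
<?php
// Added example, not code from any plugin on this page. Assumes a WordPress
// runtime; the 'demo_banner_text' option and demo_* function names are hypothetical.

// --- Vulnerable pattern: no nonce, no capability check, no sanitisation, raw echo.
function demo_banner_save_vulnerable() {
    if ( isset( $_POST['demo_banner_text'] ) ) {
        // Any request reaching this handler, including one a logged-in admin's
        // browser is tricked into sending from another site (CSRF), stores
        // arbitrary HTML that is then echoed to every visitor (stored XSS).
        update_option( 'demo_banner_text', $_POST['demo_banner_text'] );
    }
}
function demo_banner_render_vulnerable() {
    echo '<div class="banner">' . get_option( 'demo_banner_text', '' ) . '</div>';
}

// --- Hardened pattern.
function demo_banner_save_hardened() {
    if ( ! isset( $_POST['demo_banner_text'] ) ) {
        return;
    }
    // CSRF: the form must carry a nonce bound to this action and the current user.
    check_admin_referer( 'demo_banner_save', 'demo_banner_nonce' );
    // Authorisation: only users allowed to manage options may change the banner.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Sanitise on input: strip tags, octets and stray whitespace before storing.
    $text = sanitize_text_field( wp_unslash( $_POST['demo_banner_text'] ) );
    update_option( 'demo_banner_text', $text );
}
function demo_banner_form_hardened() {
    echo '<form method="post">';
    wp_nonce_field( 'demo_banner_save', 'demo_banner_nonce' );
    // Attribute context: escape with esc_attr() when pre-filling the field.
    echo '<input type="text" name="demo_banner_text" value="'
        . esc_attr( get_option( 'demo_banner_text', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}
function demo_banner_render_hardened() {
    // HTML body context: escape on output with esc_html() even though the input
    // was sanitised; sanitize_text_field() is not an output encoder, and the
    // option could have been written by other code.
    echo '<div class="banner">' . esc_html( get_option( 'demo_banner_text', '' ) ) . '</div>';
}
```

Output escaping is chosen per context (esc_html() for element content, esc_attr() for attribute values), which is why the hardened form escapes twice rather than relying on the input-side sanitisation alone.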


SOLVE TODAY any reported XSS AUG 2021 vulnerability! Do you suspect any Cross-Site Scripting AUG 2021 in your WordPress?

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a FREE Cross-Site Scripting AUDIT! Decide after you compare RISK + IMPACT versus COST.
