22 XSS FEB 2021 - Cross-Site Scripting FEB 2021
WordPress Security Report
Be informed about the latest Cross-Site Scripting vulnerabilities of FEB 2021, identified and reported publicly. As these XSS FEB 2021 vulnerabilities have a severe negative impact on any WordPress Security, consider our FREE security AUDIT.
An estimated 2.465.600+ active WordPress installations are susceptible to this attack type, considering only the publicly available numbers. The estimate can rise by 20-25% once premium versions are counted, as those are private purchases with no public installation figures.
Furthermore, the initial estimate can triple if we also count installations for which a patch has been released BUT which owners have NOT UPDATED, as the vulnerability remains active within their domain. As these owners change their hosting provider (due to constant unexplained issues), they carry these vulnerabilities into protected areas, possibly exposing other clean WordPress installations to different attack types.
It is a 57% increase compared to January 2022. Read more about our previous report here: ALERT: 14 XSS JAN 2021 – Cross-Site Scripting JAN 2021 Blast. The following cases made headlines PUBLICLY just last month in the XSS FEB 2021 category:
- All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)
- WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. The All In One WordPress Security plugin will take your website security to a whole new level. Active installations: 900,000+
- WP Armour – Honeypot Anti Spam < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)
- This plugin blocks spam submissions using the honeypot anti-spam technique. No CAPTCHA or extra verification field hassle for users; only spam bots suffer from the anti-spam filter. Active installations: 6,000+
- Zebra_Form PHP Library Affects Multiple WordPress Plugins <= 2.9.8 - Reflected Cross-Site Scripting (XSS)
- Customer Service Software & Support Ticket System - By eMarket Design - Active installations: 600+
- teaser-maker-standard - By Fern Technology - No known fix - plugin closed
- ad-swapper - By Ad Swapper Limited - No known fix - plugin closed
- drug-search - By eMarket Design - No known fix - plugin closed
- wp-inimat - By WaKeMaTTa (Mohamed Ziata) - No known fix - plugin closed
- Wyzi - Social Directory WordPress Theme < 2.4.3 - Reflected Cross-Site Scripting (XSS)
- Wyzi Service Business Finder WordPress Theme is an advanced Social Business & Service Multi-Store Directory Theme, which targets to build a website that overcomes the gap between Businesses and Customers. Active installations: not public info
Protect your WordPress from publicly reported cases of XSS FEB 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
- Contact Form 7 Style - CSRF to Stored Cross-Site Scripting (XSS)
- No known fix - plugin closed - Active installations: 50,000+
- Contact Form by Supsystic < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)
- Simple and powerful Contact Form Builder by Supsystic with drag-and-drop editor. No coding knowledge is required. Active installations: 10,000+
- Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)
- Create responsive data tables with sorting, searching, pagination, filtering and more. Easy-to-use tables, charts and data management. Active installations: 30,000+
- Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)
- No known fix - plugin closed - Active installations: 50,000+
- Ivory Search – WordPress Search Plugin < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)
- Ivory Search is a simple to use advanced WordPress search plugin. It enhances the default WordPress search and also allows you to create new custom search forms. Active installations: 60,000+
- WordPress Gallery Plugin – NextGEN Gallery < 3.5.0 - CSRF allows File Upload, Stored XSS, and RCE
- NextGEN Gallery has been the industry’s standard WordPress gallery plugin since 2007 and continues to receive over 1.5 million new downloads per year. It’s easy for simple photo galleries, but powerful enough for the most demanding photographers, visual artists, and imaging professionals. Active installations: 800,000+
- WordPress Gallery Plugin – NextGEN Gallery PRO < 3.1.11 - Reflected Cross-Site Scripting (XSS)
- NextGEN Gallery has been the industry’s standard WordPress gallery plugin since 2007 and continues to receive over 1.5 million new downloads per year. It’s easy for simple photo galleries, but powerful enough for the most demanding photographers, visual artists, and imaging professionals. Active installations: 800,000+
- Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.5.68 - Cross-Site Scripting (XSS)
- Photo Gallery is the leading plugin for building beautiful mobile-friendly galleries in a few minutes. Active installations: 300,000+
- Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.5.69 - Reflected Cross-Site Scripting (XSS)
- Photo Gallery is the leading plugin for building beautiful mobile-friendly galleries in a few minutes. Active installations: 300,000+
- Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)
- Pop up anything with Popup Builder; create and manage powerful promotional modal popups for your WordPress blog or website. Powerful, yet easy to use, this plugin will help you grab your visitors’ attention and introduce them to your offers, discounts or other kinds of promotional notices. Active installations: 200,000+
- Pricing Table by Supsystic < 1.9.0 - Authenticated Stored Cross-Site Scripting (XSS)
- Create amazing pricing tables without any programming skills. It’s possible with Pricing Table WordPress plugin by Supsystic. Choose pricing table template, edit content with Pricing table builder and publish on the website. Active installations: 40,000+
- Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
- The Process Steps Template Designer plugin allows you to show your workflow, software process or business process in a creative, step-by-step responsive design template. Active installations: 4,000+
- Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)
- No known fix - plugin closed - Active installations: 13,000+
- Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Reflected Cross-Site Scripting (XSS)
- An Under Construction, Maintenance Mode or Coming Soon landing page is needed when you are working hard to launch your website. This plugin helps you post a message to your users while you work behind the scenes. Active installations: 2,000+
CONTACT US TODAY with any reported XSS FEB 2021 vulnerability! Do you suspect any Cross-Site Scripting in your WP?
BRIEF: Cross-Site Scripting FEB 2021 is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
What is Cross-Site Scripting FEB 2021?
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
What is the impact of an XSS FEB 2021 attack?
The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:
- In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal: there is nothing else to steal.
- In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
- If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.
What kind of XSS attacks are exploited?
- Reflected XSS, where the malicious script comes from the current HTTP request.
- Stored XSS, where the malicious script comes from the website's database.
- DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
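The reflected and stored patterns above, together with the "CSRF to Stored XSS" cases in the list (a settings-save handler that checks no nonce), share one root cause: request data reaches the database or the page without sanitisation or context-aware escaping. The PHP below is an added example written for this report, not code from any plugin named above; the option name xssdemo_banner, the admin-post action and the shortcode tag are hypothetical. It shows a save handler and a shortcode in their vulnerable form beside the hardened form built on WordPress's own nonce, capability, sanitisation and escaping APIs.

```php
<?php
// Added illustration, not code from any plugin listed above. The option name
// "xssdemo_banner", the admin-post action and the shortcode tag are hypothetical.

// BEFORE: the pattern behind "CSRF to Stored XSS" and "Authenticated Stored XSS".
// No nonce, no capability check, no sanitisation, raw output on the front end.
// (Not hooked anywhere; shown only for comparison.)
function xssdemo_save_banner_vulnerable() {
    update_option( 'xssdemo_banner', $_POST['banner'] ); // stored exactly as submitted
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
function xssdemo_shortcode_vulnerable() {
    $q = isset( $_GET['q'] ) ? $_GET['q'] : ''; // reflected straight into the page
    return '<div class="banner">' . get_option( 'xssdemo_banner' ) . '</div>'
         . '<input type="text" name="q" value="' . $q . '">';
}

// AFTER: same feature, hardened.
function xssdemo_save_banner() {
    // CSRF: the settings form must carry wp_nonce_field( 'xssdemo_save' ).
    check_admin_referer( 'xssdemo_save' );
    // Authorisation: an authenticated user is not necessarily an administrator.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // Sanitise on input: keep only the HTML subset WordPress allows in post content.
    $banner = isset( $_POST['banner'] ) ? wp_kses_post( wp_unslash( $_POST['banner'] ) ) : '';
    update_option( 'xssdemo_banner', $banner );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
function xssdemo_shortcode() {
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    // Escape on output, per context: esc_attr() inside an attribute, esc_html() in text.
    // The stored banner is filtered again so a value written by older code cannot slip through.
    return '<div class="banner">' . wp_kses_post( get_option( 'xssdemo_banner', '' ) ) . '</div>'
         . '<input type="text" name="q" value="' . esc_attr( $q ) . '">'
         . '<p>Results for: ' . esc_html( $q ) . '</p>';
}
add_action( 'admin_post_xssdemo_save', 'xssdemo_save_banner' );
add_shortcode( 'xssdemo_search', 'xssdemo_shortcode' );
```

When reviewing a plugin, the quick check is the same three questions the hardened version answers: does every state-changing handler verify a nonce and a capability, is every stored value sanitised on the way in, and is every echoed value escaped for the HTML context it lands in.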
Get Healthy, Stay Healthy! A healthier online business starts today and it begins with you. Let’s solve all your XSS FEB 2021 issues.