ALERT: 84 XSS JAN 2022 – Cross-Site Scripting JAN 2022 Blast


XSS JAN 2022 – Cross-Site Scripting JAN 2022

Tailored WordPress Security Report

Be informed about the latest Cross-Site Scripting JAN 2022 vulnerabilities, identified and reported publicly. As these XSS JAN 2022 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our FREE security consulting.

An estimated jaw-dropping 12.869.600+ active WordPress installations were susceptible to these attack types, considering only the publicly disclosed and available numbers. It is a mind-boggling 664% increase compared to last month. The estimated number can increase by 20-25% with premium versions as they are private purchases.

Furthermore, the initial estimate can triple if we consider (1) versions that are already patched BUT NOT UPDATED by owners, where the vulnerability remains active within their domain; and (2) closed, “uncounted” versions that remain active on domains already running the plugins, as nobody is maintaining their security. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind new / protected areas, possibly exposing other clean WP installations to different attack types.

The following cases made headlines PUBLICLY in the XSS JAN 2022 category:

Hire security geeks to protect your WP from publicly reported cases of XSS JAN 2022 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

  • Paid Memberships Pro – Reflected Cross-Site Scripting (XSS)
    • Paid Memberships Pro gives you all the tools you need to start, manage, and grow your membership site. The plugin is designed for premium content sites, online course or LMS and training-based memberships, clubs and associations, members-only product discount sites, subscription box products, paid newsletters, and more. Active installations: 100,000+

  • Display Post Metadata – Stored Cross-Site Scripting (XSS)
    • It is a useful plugin to display the metadata information and custom fields of posts, pages or custom post types. You can display the date, author, comments, views or sticky meta information and the custom fields list, or, if you like, display all of them. Active installations: 600+

  • Gwolle Guestbook – Reflected Cross-Site Scripting (XSS)
    • Gwolle Guestbook is the WordPress guestbook you’ve just been looking for. Beautiful and easy. Gwolle Guestbook is not just another guestbook for WordPress. The goal is to provide an easy and slim way to integrate a guestbook into your WordPress powered site. Don’t use your ‘comment’ section the wrong way – install Gwolle Guestbook and have a real guestbook. Active installations: 40,000+

  • Contact Form & Lead Form Elementor Builder – Unauthenticated Stored Cross-Site Scripting (XSS)
    • Lead Form Builder Plugin is a contact form builder as well as a lead generator. The Contact Form plugin is compatible with all page builders like Elementor, Brizy, SiteOrigin, Gutenberg etc. Lead Form Builder allows you to create beautiful contact forms. The plugin comes with nearly all the field options required to create a contact form, registration form or newsletter form, and includes Ajax-based drag & drop field ordering. Active installations: 20,000+

  • WordPress Download Manager – Stored Cross-Site Scripting (XSS)
    • WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. Use Passwords, User Roles to control access to your files, control downloads by speed or by putting a limit on download count per user, block bots or unwanted users or spammers using Captcha Lock or IP Block feature, you may also ask users to agree with your terms and conditions before they download. Active installations: 100,000+

  • Stetic – CSRF to Stored Cross-Site Scripting (XSS)
    • Use the popular Stetic Web Analytics on your WordPress blog. Just enter your project token and API key and the Stetic tracking code will automatically be added to your site. Now you can watch your stats on the WordPress dashboard and on the Stetic plugin statistics page. Active installations: 300+

  • Video Conferencing with Zoom – Reflected Cross-Site Scripting (XSS)
    • Simple plugin which gives you the extensive functionality to manage Zoom Meetings, Webinars, Recordings, Users, Reports from your WordPress Dashboard. Now, with capability to add your own post as a meeting. Create posts as meetings directly from your WordPress dashboard to show in the frontend as a meeting page. Allow users to directly join via that page with click of a button. Active installations: 30,000+

  • Mortgage Calculator / Loan Calculator – Stored Cross-Site Scripting (XSS)
    • Mortgage Calculator is a great value-add for any mortgage loan officer or real estate agent looking to provide good-looking, functional, valuable mortgage content to readers. The execution of this mortgage calculator is superb from the smooth sidebar integration, modal window results and AJAX-based graphs that are incredibly visually appealing. It’s a great little loan application that delivers a lot of mortgage value in a user-friendly and well-executed way. Active installations: 3,000+

  • Variation Swatches for WooCommerce – Stored Cross-Site Scripting (XSS)
    • Variation Swatches for WooCommerce plugin provides a much nicer way to display variations of variable products. This plugin will help you select style for each attribute as color, image or label. With this plugin, you can present product colors, sizes, styles and many things in a better way which is not supported by WooCommerce. Active installations: 80,000+

  • WooCommerce PDF Invoices & Packing Slips – Reflected Cross-Site Scripting (XSS)
    • This WooCommerce extension automatically adds a PDF invoice to the order confirmation emails sent out to your customers. Includes a basic template (additional templates are available from WP Overnight) as well as the possibility to modify/create your own templates. In addition, you can choose to download or print invoices and packing slips from the WooCommerce order admin. Active installations: 300,000+

  • PowerPack Addons for Elementor – Reflected Cross-Site Scripting (XSS)
    • Extend Elementor with 60+ Creative Elementor Widgets and extensions with PowerPack Addons for Elementor – The fastest-growing Elementor addon. Get 30+ Free Elementor widgets with PowerPack Lite. These Elementor widgets are designed with a focus on creativity and usability. With PowerPack, building Elementor websites will be faster than ever! Active installations: 60,000+

  • Booking Calendar – Reflected Cross-Site Scripting (XSS)
    • The Booking Calendar plugin enables an awesome booking system for your site. Simply show availability and receive bookings for your property or service in an easy-to-use booking system with a clean and smooth interface. Active installations: 60,000+

  • Smash Balloon Social Post Feed – Reflected Cross-Site Scripting (XSS)
    • Display Facebook posts on your WordPress site. Completely customizable, responsive, search engine crawlable, and GDPR compliant Facebook feeds. Display unlimited Facebook feeds from your Facebook page or Facebook Group, and completely match the look and feel of your site with tons of customization options! Automatically powers any Facebook oEmbeds on your site. Active installations: 200,000+

  • Crisp Live Chat – CSRF to Stored Cross-Site Scripting (XSS)
    • Crisp Live Chat is a free and beautiful chat for your website. This is the ultimate free Live Chat plugin for WordPress if you want to grow your email list, generate leads, and enhance your customer relationship within the same software. Active installations: 30,000+

  • Fathom Analytics – Stored Cross-Site Scripting (XSS)
    • For the longest time, website analytics software was seriously bad. It was hard to understand, time-consuming to use, and worse, it exploited visitor data for big tech to profit. Fathom Analytics is website analytics that doesn’t suck. We revolutionized website analytics by making them easy to use and respectful of privacy laws (like GDPR, CCPA, PECR and more). Active installations: 2,000+

  • Easy Forms for Mailchimp – Reflected Cross-Site Scripting (XSS)
    • Easy Forms for Mailchimp allows you to add unlimited Mailchimp sign up forms to your WordPress site. You can add forms to posts, pages, sidebars and other widgetized areas. Your Mailchimp API Key connects your site to your account and pulls in all of your list information. List statistics can be viewed right from your dashboard. Active installations: 100,000+

  • Smart SEO Tool – SEO优化插件 – Reflected Cross-Site Scripting (XSS)
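    • Smart SEO Tool is an intelligent SEO optimization plugin developed specifically for WordPress. Unlike many other WordPress SEO plugins, Smart SEO Tool is simpler and easier to use, helping site owners quickly complete the basic SEO optimization of a WordPress blog/website. It provides five functional modules: TITLES & METAS optimization, image Title & Alt optimization, link optimization, and robots.txt and Sitemap generation. Active installations: 9,000+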

  • Banner Creator – Stored Cross-Site Scripting (XSS)
    • The Banner Creator is easily customisable to your needs, your audience and the devices they use. You can create a banner from any image* you want, or choose from six beautiful photos inspired by the most popular themes on Then just enter a clear call-to-action and you’re ready to go! Active installations: 3,000+

  • Product Helper – Stored Cross-Site Scripting (XSS)
    • The Product Helper allows you to embed any affiliate product on your website. With this plugin, you simply paste the embed code from the Affiliate Partner Centre and generate a shortcode, which can be used anywhere on your WordPress website. Active installations: 2,000+

  • SEUR Oficial – Stored Cross-Site Scripting (XSS)
    • The SEUR plugin for WooCommerce allows you to manage your order dispatches in a fast and easy way. Generate your labels for each order and request collection from your own facilities whenever you need. You can configure your shipping rates based on urgency of delivery, weight, product price or buyer’s postcode. Active installations: 1,000+

  • Mobile Events Manager – Stored Cross-Site Scripting (XSS)
    • Mobile Events Manager is the WordPress solution for Event based businesses who want rid of their paper diaries. It allows your clients to login and view their event details. It also allows your employees to view events assigned to them too. Active installations: 20+

Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your XSS JAN 2022 issues.

BRIEF: Cross-Site Scripting JAN 2022 is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.


What is Cross-Site Scripting JAN 2022?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

What is the impact of an XSS JAN 2022 attack?

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

– In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal, as there is nothing else to steal.
– In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
– If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.

What kind of XSS attacks are exploited?

– Reflected XSS, where the malicious script comes from the current HTTP request.
– Stored XSS, where the malicious script comes from the website’s database.
– DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
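
The reflected and stored cases above share one root cause: untrusted input reaches the generated output without being encoded. The following is an added example, not code from this page or from any plugin listed on it; it shows the vulnerable rendering beside the hardened one for both paths. The function names, the guestbook-style data and the sample inputs are constructed for illustration.

```javascript
// Added example: all names and sample values below are hypothetical/constructed.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML body and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed stand-in for rows read back from the site's database (stored path).
const storedEntries = [
  { author: 'alice', text: 'Nice site!' },
  { author: 'mallory', text: '<script>alert(1)</script>' },
];

// Constructed stand-in for a parameter of the current HTTP request (reflected path).
const reflectedQuery = { q: '<script>alert(2)</script>' };

// Vulnerable: request input and stored rows are concatenated into the page as-is.
function renderUnsafe(query, entries) {
  const rows = entries.map((e) => `<li>${e.author}: ${e.text}</li>`).join('');
  return `<p>Results for "${query.q}"</p><ul>${rows}</ul>`;
}

// Hardened: every untrusted value is encoded at the point where it is written out.
function renderSafe(query, entries) {
  const rows = entries
    .map((e) => `<li>${escapeHtml(e.author)}: ${escapeHtml(e.text)}</li>`)
    .join('');
  return `<p>Results for "${escapeHtml(query.q)}"</p><ul>${rows}</ul>`;
}

// Simple regression check: did input markup survive as a live <script> tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('reflected, unsafe:', hasLiveScriptTag(renderUnsafe(reflectedQuery, [])));
console.log('stored, unsafe:   ', hasLiveScriptTag(renderUnsafe({ q: 'hello' }, storedEntries)));
console.log('both, encoded:    ', hasLiveScriptTag(renderSafe(reflectedQuery, storedEntries)));
```

Encoding at output time, rather than filtering at input time, is what lets a single function cover both paths. DOM-based XSS happens in client-side code and needs the equivalent care there.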

SOLVE TODAY any reported XSS JAN 2022 vulnerability! Do you suspect any Cross-Site Scripting JAN 2022 in your WordPress?

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a FREE Cross-Site Scripting consulting! Decide after you compare RISK + IMPACT versus COST.
