ALERT: 77 XSS JUL 2021 – Cross-Site Scripting JUL 2021 Blast


XSS JUL 2021 – Cross-Site Scripting JUL 2021

Tailored WordPress Security Report

Be informed about the latest Cross-Site Scripting JUL 2021 vulnerabilities, identified and reported publicly. As these XSS JUL 2021 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our FREE security AUDIT.

An estimated jaw-dropping 3.832.000+ active WordPress installations were susceptible to these attack types, considering only the publicly disclosed and available numbers. The estimated number can increase by 20-25% with premium versions as they are private purchases.

Furthermore, the initial estimation can triple if we consider (1) the already patched versions BUT NOT UPDATED by owners, as the vulnerability remains active within their domain; and (2) the closed “uncounted” versions that remain active on domains already running the plugins, as nobody is maintaining their security. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind new / protected areas, possibly exposing other clean WP sites to different attack types.

It is a mind-boggling 600% increase compared to December 2020. We compare last month with the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more in our previous reports: ALERT: 43 XSS JUN 2021 – Cross-Site Scripting JUN 2021 Blast and 11 XSS – Cross-Site Scripting – WordPress Security DEC. The following cases made headlines PUBLICLY just last month in the XSS JUL 2021 category:

Hire security geeks to protect your WP from publicly reported cases of XSS JUL 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

  • YouTube Embed, Playlist and Popup – Stored XSS
    • WordPress YouTube Embed plugin is a useful and convenient plugin to add videos to your WordPress website without coding knowledge.
      You can use our plugin for adding videos in widgets, posts, pages, so it means you can add videos almost everywhere (you can also use our plugin shortcode to add it in the header or footer of your website).
      Our plugin has some useful features that you’ll need. Here are the features of our plugin. Active installations: 7,000+

  • W3 Total Cache – Reflected XSS in Extensions Page
    • W3 Total Cache (W3TC) improves the SEO and user experience of your site by increasing website performance and reducing load times by leveraging features like content delivery network (CDN) integration and the latest best practices. Active installations: 1+ million

  • Community Event – Reflected XSS
    • The purpose of this plugin is to allow users to create a schedule of upcoming events and display events for the next 7 days in an AJAX-driven box or displaying a full list of upcoming events. Active installations: 90+

  • Popular Brand SVG Icons – Stored XSS
    • Add popular brand icons to WordPress with ease. Use these high quality SVG icons anywhere on your WordPress site, set the color and size using attributes. Active installations: 5,000+

  • WP HTML Mail – CSRF to XSS
    • Custom designed WordPress emails for your WooCommerce and EDD transactional emails, contact form notifications, your WordPress core emails, BuddyPress and many more. Active installations: 20,000+

  • Leaflet Map – Arbitrary Settings Update via CSRF Leading to Stored XSS
    • Add a map generated with LeafletJS: an open-source JavaScript library for mobile-friendly interactive maps. Map tiles are provided by default through OpenStreetMap, or MapQuest (with an app key). Can be set per map with shortcode attributes or through the dashboard settings. Active installations: 20,000+

  • Wr Age Verification – Reflected Cross-Site Scripting (XSS)
    • These days many websites offer services for a certain age group, which means they allow only people of a certain age to visit their websites. So they use an age verification plugin that confirms the user’s age, automatically controls the age of website visitors and restricts underage people. This plugin is useful in certain industries such as alcohol, gambling, and other website content irrelevant for children. For such help, Webriderz age verification is the most reliable one in the upcoming days. Active installations: 10+

  • 10Web Map Builder for Google Maps – Authenticated Stored XSS
    • 10Web Map Builder for Google Maps combines quality and simplicity, offering you an easy way to add unlimited Maps to your website. It’s an out of the box solution with some powerful functionality and additional customization options. The plugin is distinguished for its feature-packed free version, offering what are usually premium features absolutely free, such as unlimited number of responsive maps, geolocation feature, store locator, layers, unlimited markers, and more. Another great thing about it is that it features an intuitive builder, letting you customize your maps and preview the changes immediately with the live preview option. For additional quality features like marker icon builder, directions, skins and themes, marker listing and multi-level marker categories there is the premium version, which will let you further personalize your maps. Plugin uses clean code, which guarantees smooth operation and compatibility with any WordPress theme. Active installations: 10,000+

  • Video Posts Webcam Recorder – Authenticated Reflected XSS
    • Allow access to webcam and microphone when prompted by browser, to enable recording. Select Video/Audio mode (preconfigurable from settings), use Start/Stop buttons to record. Then you can playback preview, download recording or sent to server, or discard and retry. Active installations: 100+

  • ECPay Logistics for WooCommerce – Unauthenticated Reflected XSS
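    • The ECPay logistics plugin lets partner merchants and individual members who use open-source store systems connect to ECPay's logistics system more quickly, simply by installing and configuring the plugin, without having to handle complex verification themselves. Active installations: 2,000+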

  • Wonder Video Embed – Contributor+ Stored XSS
    • WonderPlugin Video Embed is an easy and powerful way to add videos to your WordPress. You can embed your video to the sidebar widget, WordPress posts and pages. It supports YouTube, Vimeo, Wistia and self-hosted MP4/WebM videos. The video player is fully responsive and works on iPhone, iPad, Android, Chrome, Firefox, Safari, Opera. Active installations: 8,000+

  • Maintenance – Authenticated Stored XSS
    • Maintenance plugin allows the WordPress site administrator to close the website for maintenance, enable “503 Service temporarily unavailable”, set a temporary page with authorization, which can be edited via the plugin settings. Easily customize the look for all devices. Add your logo, background image, select the desired color, add text. Active installations: 600,000+

  • WP Custom Fields Search – Unauthenticated Reflected Cross-Site Scripting (XSS)
    • With this you can give your readers the ability to search and filter your posts / catalogue to quickly find the information they need. Any custom fields you have added to your posts can be made searchable as well as the core post fields like title, author, categories etc. Configurable input widgets allow you to customise the form further to build exactly the search you need for your site. Active installations: 4,000+

  • GTranslate – Reflected Cross-Site Scripting (XSS)
    • Translate WordPress with GTranslate plugin uses Google Translate automatic translation service to translate wordpress site with Google power and make it multilingual. With 103 available languages your site will be available to more than 99% of internet users. Our paid versions are fully SEO compatible which will increase your international traffic and sales. This translate plugin is a budget multilingual WordPress solution which combines automatic and human translations to save money and is easy to implement. Active installations: 300,000+

  • Paid Membership Pro – Cross-Site Scripting
    • Paid Memberships Pro gives you all the tools you need to start, manage, and grow your membership site. The plugin is designed for premium content sites, clubs/associations, subscription products, newsletters and more. Active installations: 100,000+

  • Yada Wiki – Stored Cross-Site Scripting
    • Yada Wiki provides a wiki post type, custom tags and categories, an index, and a table of contents option. The plugin allows you to link your wiki pages together using the wiki page titles. Active installations: 2,000+

  • Tutor LMS – Authenticated Stored Cross-Site Scripting
    • Tutor is a complete, feature-packed and robust WordPress LMS plugin to create & sell courses online easily. All the features of this learning management system hits all the checkpoints for a full-fledged online course marketplace. You can create challenging and fun quizzes, interactive lessons, powerful reports and stats making Tutor potentially the best free WordPress LMS plugin. Manage, administer and monetize your education, online school, and online courses without having to write a single line of code. Active installations: 30,000+

  • Youzify – Stored Cross-Site Scripting via Biography
    • Youzify (formerly Youzer) is the number one BuddyPress plugin on Envato Market, and thousands of customers agree that it takes your online community to the next level. This advanced and feature-rich plugin has the power to showcase your unique brand experience and immerse your users in a dynamic community of loyal and engaged customers that propels your business forwards. Active installations: 5,000+

  • Post Grid – Reflected Cross-Site Scripting
    • Almost everything is ready to create a post grid from any post type. With a few clicks you can generate a beautiful grid for your blog posts, product showcase, team member showcase, portfolio, gallery, archive post display, category post display and tags post display, and custom taxonomy and terms posts can be displayed via the post grid. If you have basic knowledge of CSS you can style your own via the layout editor to create a unique style for your grid. Active installations: 70,000+

  • Portfolio Responsive Gallery – Authenticated Blind SQL Injections
  • Portfolio Responsive Gallery – Reflected Cross-Site Scripting
    • We suggest this portfolio plugin for companies, designers, photographers, artists, freelancers etc. Our plugin gives you an opportunity to present your work in the most attractive and meaningful way. With our plugin you can unite several projects with their many photos and descriptions. As all of this is done from our page, the plugin is very easy to use. You can make an unlimited number of portfolios, each including an unlimited number of projects. All portfolios and projects are made separately, so you can create unique and different views on the same site.
      It is very easy to use this great plugin: you only need to upload photos and write short descriptions, then copy the automatic shortcode and add it to your post or page. Active installations: 10+

  • WP Offload SES Lite – Stored Cross-Site Scripting
    • Are your WordPress site emails not being delivered? That’s pretty common. Over 20,000 sites trust WP Offload SES Lite to send their site email. WordPress’ default email sending functions just don’t cut it these days. You absolutely need to set up something more. Active installations: 30,000+

  • WP SMS – Reflected Cross-Site Scripting
    • With WP SMS you can add the ability to send SMS to your WordPress product. So you can send SMS to your newsletter subscribers or your users and get their attention to your site and products. Active installations: 8,000+

  • TaxoPress – Authenticated Stored Cross-Site Scripting
    • TaxoPress allows you to create and manage Tags, Categories and all your WordPress taxonomy terms. With the TaxoPress plugin, you can build new taxonomies, and any taxonomy to different post types. Active installations: 80,000+

  • WP LMS – Stored Cross-Site Scripting
    • WP Learn Manager is an extensive, feature-rich and comprehensive learning management system for WordPress. WP Learn Manager comes with lots of features like course list, course search with many filters, create course, create lectures, add quizzes, take lectures, enrollment, shortlist courses, messaging, social logins, social sharing, awards and many more. Active installations: 90+

  • Magic Post Thumbnail – Reflected Cross-Site Scripting
    • Automatically generate thumbnails & images for your posts! Retrieve images from Google Images, Flickr or Pixabay thanks to API, based on your post title, text analysis and much more. The plugin adds the picture as your featured thumbnail or inside the post when you publish the post. Active installations: 9,000+

Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your XSS JUL 2021 issues.

BRIEF: Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.


What is Cross-Site Scripting JUL 2021?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

What is the impact of an XSS JUL 2021 attack?

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

– In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal, as there is nothing else to steal.
– In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
– If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.

What kind of XSS attacks are exploited?

– Reflected XSS, where the malicious script comes from the current HTTP request.
– Stored XSS, where the malicious script comes from the website’s database.
– DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
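
The reflected and stored patterns, shown as vulnerable code beside a hardened form in a WordPress plugin. This is an added example, not code from any plugin listed in this report; the plugin, its `demo_*` function names, the `demo_q` parameter and the `demo_notice` option are hypothetical, and the file assumes it is loaded by WordPress.

```php
<?php
/**
 * Plugin Name: Demo Notice (hypothetical plugin, constructed for this example)
 */

// REFLECTED, vulnerable: the request parameter is written into the page unencoded.
function demo_search_vulnerable() {
    $term = isset( $_GET['demo_q'] ) ? $_GET['demo_q'] : '';
    echo '<p>Results for: ' . $term . '</p>';
}

// REFLECTED, hardened: clean the input, then encode for HTML text at output.
function demo_search_hardened() {
    $term = isset( $_GET['demo_q'] ) ? sanitize_text_field( wp_unslash( $_GET['demo_q'] ) ) : '';
    echo '<p>Results for: ' . esc_html( $term ) . '</p>';
}

// STORED, vulnerable: no capability or nonce check, raw value saved to the database...
function demo_notice_save_vulnerable() {
    if ( isset( $_POST['demo_notice'] ) ) {
        update_option( 'demo_notice', $_POST['demo_notice'] );
    }
}

// ...and later printed unencoded to every visitor.
function demo_notice_render_vulnerable() {
    echo '<div class="demo-notice">' . get_option( 'demo_notice', '' ) . '</div>';
}

// STORED, hardened save: require an administrator and a valid nonce, then clean the value.
function demo_notice_save_hardened() {
    if ( ! isset( $_POST['demo_notice'] ) || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // The settings form must output wp_nonce_field( 'demo_notice_save' ); this blocks CSRF.
    check_admin_referer( 'demo_notice_save' );
    update_option( 'demo_notice', sanitize_text_field( wp_unslash( $_POST['demo_notice'] ) ) );
}

// STORED, hardened render: encode at output even though the value was cleaned on save.
function demo_notice_render_hardened() {
    echo '<div class="demo-notice">' . esc_html( get_option( 'demo_notice', '' ) ) . '</div>';
}

// Only the hardened handlers are hooked; the vulnerable ones are kept for comparison.
add_action( 'admin_init', 'demo_notice_save_hardened' );
add_action( 'wp_footer', 'demo_search_hardened' );
add_action( 'wp_footer', 'demo_notice_render_hardened' );
```

The nonce check is what closes the "CSRF leading to stored XSS" route seen in several entries of the list: without it, a forged request from a logged-in administrator's browser could write the setting.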


CONTACT US TODAY with any reported XSS JUL 2021 vulnerability! Do you suspect any Cross-Site Scripting in your WordPress?

Do you suspect any Cross-Site Scripting within your WordPress? Contact us today for a free scan!
