
ALERT:228 XSS SEP 2021 – Cross-Site Scripting SEP 2021 Blast


XSS SEP 2021 – Cross-Site Scripting SEP 2021

Tailored WordPress Security Report

Be informed about the latest Cross-Site Scripting SEP 2021, identified and reported publicly. As these XSS SEP 2021 vulnerabilities have a severe negative impact on any WordPress Security, consider our FREE security AUDIT.

An estimated jaw-dropping 8.699.000+ active WordPress installations were susceptible to these attack types, considering only the publicly disclosed and available numbers. The estimated number can increase by 20-25% with premium versions as they are private purchases.

Furthermore, the initial estimate can triple if we consider (1) versions that have already been patched BUT NOT UPDATED by their owners, so the vulnerability remains active on their domains; and (2) the closed, “uncounted” versions that remain active on domains already running the plugins, where nobody maintains security. As these owners change hosting provider (due to constant unexplained issues), they carry these vulnerabilities with them behind new, protected areas, possibly exposing other clean WP installations to different attack types.

It is a mind-boggling 1973% increase compared to December 2020. We compare last month against the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more about our previous reports here: ALERT:150 XSS AUG 2021 – Cross-Site Scripting AUG 2021 Blast and 11 XSS – Cross-Site Scripting – WordPress Security DEC. The following cases made headlines PUBLICLY just last month in the XSS SEP 2021 category:

Hire security geeks to protect your WP from publicly reported cases of XSS SEP 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

  • Alojapro Widget – Authenticated Stored Cross-Site Scripting (XSS)
    • A basic search box with check-in and check-out dates for searching the Alojapro booking engine. It also allows setting an email and/or a discount code. The iframe functionality allows the user to integrate the booking search results into any page. Active installations: 10+

  • Shortcodes Ultimate – Contributor+ Stored XSS
    • Shortcodes Ultimate is a comprehensive collection of various visual and functional elements, which you can use in the post editor, text widgets or even in template files. Using Shortcodes Ultimate you can easily create tabs, buttons, boxes, sliders and carousels, responsive videos and much, much more. Active installations: 800,000+

  • TextMe SMS – Authenticated Stored XSS
    • This plugin allows you to send SMS messages from your WordPress dashboard to the site owner or to your end users. Enter the needed credentials, define the events that trigger the SMS submission, and write custom messages to be sent to your users. Increase user engagement using dynamic fields inside your message to create personalized messages. Active installations: 600+

  • Station Pro Plugin – Reflected Cross-Site Scripting (XSS)
    • In its newest version, Station Pro has more features and is compatible with most browsers and mobile devices, with new technology for easily playing your radio station. You can now customize your player yourself through WordPress! It is now easy to host your radio station: install your URL and let Station Pro work for you with a simple, fast and functional touch! Active installations: 3,000+

  • WP Statistics – Reflected Cross-Site Scripting (XSS)
    • Do you need a simple tool to know your website statistics? Do you need to represent these statistics? Do you care about your users’ privacy while analyzing who is interested in your business or website? With WP Statistics you can know your website statistics without any need to send your users’ data anywhere. You can know how many people visit your personal or business website, where they’re coming from, what browsers and search engines they use, and which of your content, categories, tags and users get more visits. Active installations: 600,000+

  • Watu Quiz – Reflected XSS
    • Create exams, surveys, and quizzes and display the result immediately after the user completes the questionnaire. You can assign grades and point levels for every grade in the exam / quiz. Then assign points to every answer to a question and Watu Quiz will figure out the grade based on the total number of points collected. Active installations: 7,000+

  • ELEX WooCommerce Google Shopping (Google Product Feed) – Reflected Cross-Site Scripting (XSS)
    • The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that feeds your WooCommerce products to Google, so that when online shoppers search on Google they can find your products in the Google search results and Google Shopping Ads. Even if you have implemented the best SEO strategy for your WooCommerce product pages to come up in the Google SERPs, this free Google product feed plugin for WooCommerce shows a preview of the product with information like product title, product image, price, availability, color, and so on. Active installations: 2,000+

  • Coming Soon and Maintenance Mode – Authenticated Stored XSS
    • The Coming Soon and Maintenance Mode plugin is an awesome tool to show your website visitors that you are working on your website to make it better. It’s not easy to create an under-construction page for WordPress without coding knowledge. That’s why our team does its best to help WordPress users create maintenance pages easily and quickly. Active installations: 10,000+

  • Ad Blocker Notify Lite – Reflected Cross-Site Scripting (XSS)
    • Detect AdBlock and notify users. Whether you are running a personal blog or a magazine website, Ad Blocker Notify will help you block ad blockers (e.g. AdBlock Plus) and increase your ad revenue. Ad Blocker Notify is a very easy-to-use plugin with get-around options and a lot of settings. A smart dashboard widget with counter & statistics is included! Active installations: 5,000+

  • AMP extensions – Reflected Cross-Site Scripting (XSS)
    • The AMP Project is an open-source initiative aiming to make the web better for all. The project enables the creation of websites and ads that are consistently fast, beautiful and high-performing across devices and distribution platforms. Active installations: 10+

  • Aoi Tori – Reflected Cross-Site Scripting (XSS)
    • Aoi Tori is the successor to Twitter Stream, a WordPress plugin I authored quite a long time ago. It is designed to add features I wanted to add back then, but didn’t have the knowledge to implement. Active installations: 30+

  • Easy Gallery Slideshow – Reflected Cross-Site Scripting (XSS)
    • Easily add a simple gallery to posts and pages with a shortcode. You can select multiple images and add them to a specific post. The gallery is responsive and has a button to autoplay the slideshow. Users can also browse the thumbnails from the toolbar added to the slideshow. Active installations: 10+

  • Stars Menu – Reflected Cross-Site Scripting (XSS)
    • StarsMenu is a powerful, advanced, user-friendly and fully responsive plugin designed for WordPress. By using this plugin, you can automatically convert your menu(s) into a modern and attractive hamburger-shaped menu. This plugin allows you to add an interesting responsive mobile navigation menu to your website, similar to the popular native menus of mobile applications. You can completely customize the styles and other settings of your menus using the theme editor and easily build attractive, professional and special menus. Indeed, the StarsMenu plugin is a menu builder for WordPress which allows you to build any layout for your menu by drag and drop. Active installations: 30+

  • tcS3 – Reflected Cross-Site Scripting (XSS)
    • This all-inclusive plugin uses the AWS SDK for PHP to facilitate uploads directly from your WordPress instance to S3. Amazon’s inexpensive, unlimited cloud storage system is an excellent asset backend for all websites and this plugin allows you to seamlessly interact with your S3 bucket right from within your dashboard. Active installations: 200+

  • WebHotelier for WordPress – Reflected Cross-Site Scripting (XSS)
    • This WordPress plugin is a form generator/manager exclusively designed to aid WebHotelier clients in generating and managing forms linked to their WebHotelier accounts, so that their website visitors can directly search for room availability. Active installations: 200+

  • Podcast Subscribe Buttons – Stored XSS
    • This plugin helps to easily include 60+ custom and Podcast-specific Subscribe (follow) Buttons anywhere within your site with a simple shortcode. Active installations: 7,000+

  • Limit Login Attempts – Unauthenticated Stored Cross-Site Scripting
    • WordPress Firewall, Advanced SQL Injection, Cross-Site Scripting, Remote File Inclusion, Brute Force Login Security, Spam Protection (Anti spam) & Limit Login Attempts for Login Protection, IP Blocking, Database backup, protect site from hacks and malware. Brute Force protection, anti spam & Limit Login Attempts provides Login Security, Registrations Security, Brute Force attacks protection, IP monitoring and IP Blacklisting, strong passwords enforcement. A brute-force login attack can be conducted in a number of ways. We provide you enterprise-level security, protecting your WP website from hackers and malware. Active installations: 3,000+

  • WooCommerce Affiliate Plugin – Coupon Affiliates – Reflected Cross-Site Scripting
    • Easily create an advanced coupon based affiliate program for WooCommerce, and display detailed coupon usage statistics. Give your affiliates access to a user-friendly affiliate dashboard for their coupons, via a unique link, to view coupon usage statistics, recent orders, commission earned, referral URLs and more. Active installations: 1,000+

  • Moova for WooCommerce – Reflected Cross-Site Scripting
    • Integrate with Moova to get same-day shipping at affordable rates. This extension allows clients from Uruguay, Argentina, Mexico, Chile, Peru, Guatemala, and Panama to automate their shipping. Active installations: 100+

  • Responsive Poll – Reflected Cross-Site Scripting
    • The plugin allows you to create awesome polls on your WordPress site. It has many powerful features to create very beautiful and easy-to-use polls on your website. You can create / edit polls and change the color and background color. If you are looking for simple, easy but very professional polls for your website, you have found them! This plugin is what you are looking for. Active installations: 80,000+

  • MPL-Publisher – Self-publish your ebook & audiobook – Reflected Cross-Site Scripting
    • MPL – Publisher 📚 helps you self-publish an ebook, print-ready PDF book, HTML for Kindle Direct Publishing, or audiobook from your WordPress posts. If you are an author ✍️, it will solve the “how to publish my digital book” problem, doing it in the simplest possible way 👌, easing the process of converting your book or ebook to ePub, print-ready PDF, mp3, Kindle, Mobi… etc. Active installations: 100+

  • NewsPlugin – CSRF to Stored Cross-Site Scripting
    • NewsPlugin is the ultimate FREE news plugin for WordPress. Create custom newsfeeds and watch the fresh relevant news headlines appear on your website. Choose keywords, number of articles and other settings, put the feed wherever you want using widgets or shortcodes. You can always shape the news right from your website, remove unwanted articles or star the good ones. Active installations: 1,000+

  • User Activity Log – Reflected Cross-Site Scripting
    • Does your site have many users performing various admin-side activities? Are you stuck with the issue of tracking user activity on your website’s admin side? Do you want to secure your site by tracking a log of all user activity? Do you want to get notified when a particular user logs in? Just relax: with the help of the “User Activity Log” plugin, you can track all user activity on your website. Active installations: 10,000+

  • Cookie Notice & Compliance for GDPR / CCPA – Stored Cross-Site Scripting
    • Cookie Notice provides a simple, customizable website banner that can be used to help your website comply with certain cookie consent requirements under the EU GDPR cookie law and CCPA regulations and includes seamless integration with Cookie Compliance to help your site comply with the latest updates to existing consent laws. Active installations: 1+ million

  • OAuth Single Sign On – SSO (OAuth Client) – Reflected Cross-Site Scripting
    • The WordPress Single Sign-On ( SSO ) with OAuth & OpenID Connect plugin allows login ( Single Sign On ) with your Azure AD, Azure B2C, WSO2, Office 365, Clever, AWS Cognito, Ping, Keycloak, WHMCS, Okta, LinkedIn, Onelogin, Salesforce, Invision Community, Slack, Amazon, Discord, Twitter, Apple, G Suite / Google Apps or other custom OAuth 2.0 & OpenID Connect providers. The WordPress SSO ( Login ) plugin supports SSO with many OAuth 2.0 and OpenID Connect ( OIDC ) 1.0 providers. It also provides unlimited user authentication with the OAuth & OpenID Connect protocol and allows authorized users to log in to the WordPress site. Support is provided for single-site & multisite network environments. You can check out the video tutorial to learn how to set up SSO with your OAuth / OpenID Connect providers. Active installations: 2,000+

  • WordPress Geo Plugin – CF Geo Plugin – Reflected Cross-Site Scripting
    • CF Geo Plugin is a GeoMarketing tool that allows you to have full geo control of your WordPress. CF Geo Plugin gives you the ability to attach content, geographic information, geo tags and Google Maps to posts, pages, widgets and custom templates by using simple options, shortcodes, PHP code or JavaScript. It also lets you specify a default geographic location for your entire WordPress blog, do SEO redirection, spam protection, WooCommerce control and much more. CF Geo Plugin helps you increase conversion, do better SEO, and capture leads on your blog or landing pages. Active installations: 1,000+

  • Easy Social Icons – Reflected Cross-Site Scripting
    • You can upload your own social icon or font-awesome social icons, set your social URL, choose whether you want to display vertically or horizontally, left or right or center aligned, icon width height or margins. Active installations: 40,000+

  • Appointment Hour Booking – WordPress Booking Plugin – Stored Cross-Site Scripting
    • Appointment Hour Booking is a WordPress plugin for creating booking forms for appointments with a start time and a defined duration over a schedule. The start time is visually selected by the end user from a set of start times calculated based on the “open” hours and service duration. The duration/schedule is defined in the “service” selected by the customer. Each calendar can have multiple services with different durations and prices. Active installations: 3,000+

  • Better Find and Replace – Reflected Cross-Site Scripting
    • This plugin automatically finds a specific word and replaces it with your own word. The changes are applied automatically before the website renders in the browser. It doesn’t affect any other plugin files or your database. Active installations: 10,000+

  • Modern Events Calendar Lite – Stored Cross-Site Scripting
    • This WordPress event calendar plugin is the best tool for managing event websites. Modern Events Calendar is a comprehensive events management plugin. It is a FREE events management plugin which is extremely user-friendly and well-designed, making it even easier to display the events calendar on your website. Active installations: 100,000+

  • Duplicate Page – Stored Cross-Site Scripting
    • Duplicate posts, pages and custom posts easily with a single click. You can duplicate your pages, posts and custom posts with just one click, and the copy will be saved with your selected options (draft, private, public, pending). Active installations: 2+ million

  • Chained Quiz – Stored Cross-Site Scripting
    • This is a unique chained / conditional-logic quiz plugin that lets you create quizzes where the next question depends on the answer to the previous question. Active installations: 3,000+

  • WP Google Maps – Multiple Admin+ Stored Cross-Site Scripting
    • Add a customized Google map or Store Locator to your WordPress posts and/or pages quickly and easily with the supplied shortcode. No fuss. No iFrames and super easy to use! Perfect for contact page maps, routes, maps showing delivery areas and any other use you can think of! Active installations: 400,000+

  • Bug Library – Reflected Cross-Site Scripting
    • This plugin provides an easy way to incorporate a bug/enhancement tracking system into a WordPress site. By adding a shortcode to a page, users will be able to display a bug list and allow visitors to submit new bugs / enhancements. The plugin will also provide search and sorting capabilities. A captcha and approval mechanism will allow the site admin to avoid spam. Active installations: 100+

  • Comments – wpDiscuz – Stored Cross-Site Scripting
    • AJAX realtime comment system with custom comment form and fields. Designed to supercharge WordPress native comments. Super fast and responsive with dozens of features. This is the best alternative to Disqus and Jetpack Comments, if you want to keep your comments in your database. Active installations: 90,000+

  • eID Easy – Reflected Cross-Site Scripting
    • This plugin makes secure identification and creating Qualified Electronic Signatures using eID methods much easier than implementing these identification methods yourself. Active installations: 100+

  • Tutor LMS – eLearning and online course solution – Stored Cross-Site Scripting
    • Tutor is a complete, feature-packed and robust WordPress LMS plugin to create & sell courses online easily. All the features of this learning management system hit all the checkpoints for a full-fledged online course marketplace. You can create challenging and fun quizzes, interactive lessons, and powerful reports and stats, making Tutor potentially the best free WordPress LMS plugin. Active installations: 40,000+

  • Easy Media Download – Stored Cross-Site Scripting
    • Easy Media Download is a free download manager for WordPress. It gives your users the ability to download digital media files from your website. The plugin is lightweight and makes downloading easier. You can create a beautiful download button which instantly starts the download once clicked. Active installations: 20,000+

  • iQ Block Country – Stored Cross-Site Scripting
    • iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries access to (parts of) your content. Active installations: 30,000+

Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your XSS SEP 2021 issues.

BRIEF: Cross-Site Scripting SEP 2021 is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.


What is Cross-Site Scripting SEP 2021?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

What is the impact of an XSS SEP 2021 attack?

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

– In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal. Nothing else to steal.
– In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
– If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.

What kinds of XSS attacks are exploited?

– Reflected XSS, where the malicious script comes from the current HTTP request.
– Stored XSS, where the malicious script comes from the website’s database.
– DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
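The following is an added example, not code from this report or from any of the plugins listed above. It renders the same untrusted value with and without output encoding for the reflected (request parameter) and stored (saved comment) variants described above; the request object, the comment list and the probe strings are constructed for the demonstration.

```javascript
// Added example (not from the report or any listed plugin): the flaw described
// above, "input from a user used within the output without encoding it", for the
// reflected and stored variants, next to the encoded rendering that fixes it.

// Encode the characters that can break out of HTML text or a double-quoted
// attribute value. This one encoder covers those two contexts; URL and
// JavaScript contexts need their own encoders.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample inputs: a search parameter as it arrives in the request
// (reflected), and two comments as they come back from the database (stored).
// The probes only break out of their context; they carry no real payload.
const SAMPLE_REQUEST = { query: { s: '"><b>injected</b>' } };
const SAMPLE_COMMENTS = ["Nice post!", "<script>probe()</script>"];

// Reflected flaw: the request parameter is echoed into an attribute as-is, so
// the closing quote in the input ends the attribute and starts new markup.
function renderSearchUnsafe(req) {
  return `<input type="text" name="s" value="${req.query.s}">`;
}

// Reflected fix: encode for the attribute context before interpolating.
function renderSearchSafe(req) {
  return `<input type="text" name="s" value="${escapeHtml(req.query.s)}">`;
}

// Stored flaw: comment bodies read from the database are trusted at render time.
function renderCommentsUnsafe(comments) {
  return comments.map((c) => `<p class="comment">${c}</p>`).join("\n");
}

// Stored fix: data that was user input when saved is still user input when
// rendered, so it is encoded at the output point, not only on the way in.
// (The DOM-based variant follows the same rule client-side: assign untrusted
// text with textContent rather than innerHTML.)
function renderCommentsSafe(comments) {
  return comments.map((c) => `<p class="comment">${escapeHtml(c)}</p>`).join("\n");
}

// Check used below: does the markup contain a raw (unencoded) start tag of the
// given name? After encoding, "<script" survives only as "&lt;script".
function hasRawTag(html, tagName) {
  return new RegExp("<" + tagName + "\\b", "i").test(html);
}

// Stand-alone run of all four renderers against the sample inputs.
function demo() {
  return {
    reflectedUnsafe: hasRawTag(renderSearchUnsafe(SAMPLE_REQUEST), "b"),        // true
    reflectedSafe: hasRawTag(renderSearchSafe(SAMPLE_REQUEST), "b"),            // false
    storedUnsafe: hasRawTag(renderCommentsUnsafe(SAMPLE_COMMENTS), "script"),   // true
    storedSafe: hasRawTag(renderCommentsSafe(SAMPLE_COMMENTS), "script"),       // false
  };
}
console.log(demo());
```

In WordPress PHP code the equivalent output-encoding helpers are esc_html(), esc_attr() and esc_url(), chosen by the context the value is printed into.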


SOLVE TODAY any reported XSS SEP 2021 vulnerability! Do you suspect any Cross-Site Scripting SEP 2021 in your WordPress?

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a FREE Cross-Site Scripting AUDIT! Decide after you compare RISK + IMPACT versus COST.
