CVE-2021-24926
Published 2022-02-01
Priority P3 · 42 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 12.86% (95.8th percentile)
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| domaincheckplugin | domain_check | < 1.0.17 | 1.0.17 |
CVSS provenance
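| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |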
No detection rules found.
Exploit-DB
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
exploitdb·2022-02-02·CVSS 6.1
CVE-2021-24926 [MEDIUM] WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
---
# Exploit Title: WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
# Date: 30-10-2021
# Exploit Author: Ceylan Bozogullarindan
# Author Webpage: https://bozogullarindan.com
# Vendor Homepage: https://domaincheckplugin.com/
# Software Link: https://wordpress.org/plugins/domain-check/
# Version: 1.0.16
# Tested on: Linux
# CVE: CVE-2021-24926 (https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733)
# Description:
Domain Check is a WordPress plugin that allows you to see what domains and SSL certificates are coming up for expiration and to quickly locate the coupons, coupon codes, and deals from your favorite sites before renewing.
An a
Nuclei
WordPress Domain Check <1.0.17 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-24926 [MEDIUM] WordPress Domain Check <1.0.17 - Cross-Site Scripting
WordPress Domain Check alert(document.domain) HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - "alert(document.domain)"
      - "Domain Check"
    condition: and
  - type: status
    status:
      - 200
# digest: 4b0a00483046022100b70374ea9ce669580ec38d10d9142dc36c7787be85811b0cb0019f01e04e2456022100fbe39e09e413a1aab230fbc24d1478c995548689a49720ee941d0190e0f28ee8:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2022-02-01