CVE-2021-47984
MediumCVSS 6.4Summary
The WordPress Plugin WP24 Domain Check version 1.6.2 contains a stored XSS vulnerability that allows authenticated attackers to inject malicious scripts via the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.
Risk Assessment
This vulnerability poses a risk of executing malicious code in the browsers of administrators, potentially leading to data theft or account takeover. Organizations should be aware of the potential security implications for their systems.
Recommendation
It is recommended to update the WP24 Domain Check plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit to identify and eliminate any other potential threats is advisable.
Original NVD description (English source)
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.

