CVE-2021-47984NVD

Vulnerability Summary

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.

Severity Level

MEDIUM(6.4)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://www.exploit-db.com/exploits/49377
https://wordpress.org/plugins/wp24-domain-check/
https://www.vulncheck.com/advisories/wordpress-plugin-wp24-domain-check-stored-xss

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2021-47984NVD

Vulnerability Summary

External References