28 XSS MAR 2021 - Cross-Site Scripting MAR 2021
Managed WordPress Security Report
Stay informed about the latest Cross-Site Scripting (XSS) vulnerabilities identified and reported publicly in March 2021. Because these XSS MAR 2021 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our FREE security AUDIT.
An estimated jaw-dropping 6,178,000+ active WordPress installations are susceptible to this attack type, considering only the publicly available numbers. The estimate can increase by 20-25% once premium versions are included, as they are private purchases.
Furthermore, the initial estimate can triple if we count the versions that are already patched BUT NOT UPDATED by their owners, as the vulnerability remains active within their domain. As these owners start changing hosting providers (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP installations to different attack types.
This is a 154% increase compared to December 2020. We compare last month with the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more in our previous reports: ALERT: 22 XSS FEB 2021 – Cross-Site Scripting FEB 2021 Blast and 11 XSS – Cross-Site Scripting – WordPress Security DEC.
The following cases made headlines PUBLICLY just last month in the XSS MAR 2021 category:
- Advanced Booking Calendar
  - Booking Calendar for Accommodations. The easy way to manage your bookings and raise your occupancy rate. This Reservation System is made for modern Hoteliers who want to get hold of their online reservations. Active installations: 5,000+
  - < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
  - < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
- Advanced Order Export For WooCommerce
  - This plugin helps you to easily export WooCommerce order data. Active installations: 100,000+
  - < 3.1.8 - Reflected Cross-Site Scripting (XSS)
- Cooked Pro
  - Cooked is the absolute best way to create & display recipes with WordPress. SEO optimized (rich snippets), galleries, cooking timers, printable recipes and much more. Active installations: 8,000+
  - < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
- Elementor Website Builder
  - Introducing a WordPress website builder, with no limits of design. A website builder that delivers high-end page designs and advanced capabilities, never before seen on WordPress. Active installations: 5+ million
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
  - < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget