CVE-2021-24926

MEDIUM NUCLEI

Domain Check WordPress Plugin < 1.0.17 - Reflected Cross-Site Scripting via Domain Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24926. PoCs published by Ceylan BOZOĞULLARINDAN. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a writeup describing a reflected XSS vulnerability in the WordPress Domain Check plugin (version 1.0.16 and prior). The vulnerability allows an authenticated user to inject arbitrary JavaScript code via the 'domain' parameter in the plugin's settings page.

Description

The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.

Exploits (1)

exploitdb WRITEUP
by Ceylan BOZOĞULLARINDAN · text · webapps · php
https://www.exploit-db.com/exploits/50697

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Domain Check Plugin <= 1.0.16
Auth required
Prerequisites: Authenticated access to WordPress admin panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Domain Check <1.0.17 - Cross-Site Scripting
MEDIUM · by cckuailong

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733

Scores

CVSS v3 6.1
EPSS 0.1291
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
domaincheckplugin/domain_check < 1.0.17
Published Feb 01, 2022
Tracked Since Feb 18, 2026