CVE-2021-47984

MEDIUM

WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47984. PoCs published by Mehmet Kelepçe.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the WordPress WP24 Domain Check plugin (v1.6.2) via the 'fieldnameDomain' parameter. The payload injects malicious JavaScript into the plugin's settings, which executes when the stored value is rendered in the admin panel.

Description

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.

Exploits (1)

exploitdb WORKING POC

by Mehmet Kelepçe · textwebappsphp

https://www.exploit-db.com/exploits/49377

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the WordPress WP24 Domain Check plugin (v1.6.2) via the 'fieldnameDomain' parameter. The payload injects malicious JavaScript into the plugin's settings, which executes when the stored value is rendered in the admin panel.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin WP24 Domain Check 1.6.2

Auth required

Prerequisites: Admin access to WordPress · WP24 Domain Check plugin installed and activated

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Jun 08, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-49377

https://www.exploit-db.com/exploits/49377

Product product

Official Product Homepage

https://wordpress.org/plugins/wp24-domain-check/

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

https://www.vulncheck.com/advisories/wordpress-plugin-wp24-domain-check-stored-xss

Scores

CVSS v3 6.4

EPSS 0.0019

EPSS Percentile 8.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

WP24/WP24 Domain Check 1.6.2

Published Jun 08, 2026

Tracked Since Jun 08, 2026