PatchSiren cyber security CVE debrief
CVE-2021-47984 WP24 CVE debrief
CVE-2021-47984 is a stored cross-site scripting (XSS) vulnerability in WordPress Plugin WP24 Domain Check version 1.6.2. The vulnerability allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php; the payloads then execute in the browsers of administrators viewing the settings page. The CVSS score for this vulnerability is 5.1, indicating medium severity.
- Vendor: WP24
- Product: WP24 Domain Check
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Administrators and users of WordPress Plugin WP24 Domain Check version 1.6.2 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability exists in the WP24 Domain Check plugin, specifically in version 1.6.2. It allows authenticated attackers to inject malicious scripts, which can then be executed in the browsers of administrators who view the settings page.
Defensive priority
Medium
Recommended defensive actions
- Update to a patched version of the WP24 Domain Check plugin, if available.
- Limit access to the plugin settings form at options.php to trusted users only.
- Implement additional security measures, such as input validation and output encoding, to prevent similar vulnerabilities.
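The input validation and output encoding named in the last action, shown as an added example that is not the plugin's own code. It is standalone PHP and assumes the setting holds an HTML form-field name; `sanitize_field_name`, `render_setting_input` and the fallback value are hypothetical names.

```php
<?php
// Added example, not the plugin's code. Standalone PHP (no WordPress needed).
// Assumption: the setting stores the name attribute of a form field.

const FIELD_NAME_DEFAULT = 'domain';            // hypothetical fallback value

// Input validation: allowlist of what a field name may look like.
// Anything else (markup, quotes, arrays, empty input) falls back to the default.
function sanitize_field_name($raw): string
{
    if (!is_string($raw)) {
        return FIELD_NAME_DEFAULT;
    }
    $value = trim($raw);
    return preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $value) === 1
        ? $value
        : FIELD_NAME_DEFAULT;
}

// Output encoding: escape for an HTML attribute context at render time,
// so a value stored before validation existed is still displayed inertly.
function render_setting_input(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="fieldnameDomain" value="' . $escaped . '">';
}

// Constructed sample submissions (harmless markup used as a stand-in).
$samples = ['domain', 'my_field-2', '"><b>x</b>', ['array'], ''];

foreach ($samples as $raw) {
    $saved = sanitize_field_name($raw);
    echo json_encode($raw), ' => saved as ', $saved, PHP_EOL;
}

// A legacy value that was stored unvalidated is escaped on output.
echo render_setting_input('"><b>x</b>'), PHP_EOL;
```

In a WordPress plugin the same two steps map to a `sanitize_callback` passed to `register_setting()` and to `esc_attr()` where the stored value is printed into the settings form.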
Evidence notes
The CVE-2021-47984 vulnerability was reported by [email protected] and is referenced in the NVD.
Official resources
CVE-2021-47984 was published on 2026-06-08T02:16:22.503Z and modified on 2026-06-08T14:59:44.750Z.