From 631580be25c0c23c5c2703bcad3271e7e97e54f5 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Tue, 28 Sep 2021 22:34:10 +0000
Subject: [PATCH] Auto Generated CVE annotations [Tue Sep 28 22:34:10 UTC 2021] :robot:
---
 cves/2021/CVE-2021-34640.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cves/2021/CVE-2021-34640.yaml b/cves/2021/CVE-2021-34640.yaml
index 731528b4d3..86afe87aa6 100644
--- a/cves/2021/CVE-2021-34640.yaml
+++ b/cves/2021/CVE-2021-34640.yaml
@@ -7,6 +7,12 @@ info:
 reference:
 - https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2
 tags: wordpress,cve,cve2021,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-34640
+ cwe-id: CWE-79
+ description: "The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4."
 requests:
 - method: GET
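Review bot: `cvss-score: 6.10` in the added `classification` block is a plain scalar, so YAML loaders read it as the float 6.1 and the trailing zero is not preserved; writing `cvss-score: 6.1` keeps the file text and the parsed value identical. The vector on the line above it (UI:R, S:C, score 6.1) falls in the medium band, while the template's `severity` field sits above the hunk and is not visible here, so it is worth confirming the two agree, since scan reports and triage rules may key on either one. Also check that `info` holds no earlier `description` key above line 7, because most parsers silently keep the last duplicate.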