daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Tue Sep 28 22:34:10 UTC 2021] 🤖

patch-1
GitHub Action 2021-09-28 22:34:10 +00:00
parent a64419f576
commit 631580be25
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2021/CVE-2021-34640.yaml
View File

@ -7,6 +7,12 @@ info:
reference: reference:
- https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2 - https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2
tags: wordpress,cve,cve2021,wp-plugin tags: wordpress,cve,cve2021,wp-plugin
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-34640
cwe-id: CWE-79
description: "The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4."
requests: requests:
- method: GET - method: GET