CVE-2021-34643

moderate-risk

Published 2021-08-16

The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.

Do I need to act?

22.9% chance of exploitation in next 30 days

EPSS score — higher than 77% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Skaut-Bazar

Affected Vendors

Skaut-Bazar Project

References (4)

Exploit https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.ph...

Exploit https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643

Exploit https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.ph...

Exploit https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 14/34 · Moderate

Exposure 5/34 · Minimal