CVE-2021-34640 PoC — WordPress 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34640.yaml

Associated Vulnerability

Title:WordPress 跨站脚本漏洞 (CVE-2021-34640)
Description:WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress plugin Securimage-WP-Fixed 存在跨站脚本漏洞，该漏洞源于在3.5.4及以下版本中securimage-wp.php文件中使用了$ SERVER[PHP SELF]。攻击者可利用该漏洞注入任意的web脚本，从而受到跨站脚本的攻击。

Description

WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.

File Snapshot


 id: CVE-2021-34640

info:
  name: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
  aut

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!