Lucene search
K

6 matches found

Wordfence Blog
Wordfence Blog
added 2021/09/28 3:8 p.m.38 views

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHPSELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of PHPSELF. So be sure to look out fo...

4.3CVSS6.7AI score0.02335EPSS
Exploits1
Circl
Circl
added 2021/09/01 6:35 p.m.11 views

CVE-2021-39320

creationtimestamp| type| source ---|---|--- 2021-09-01 18:35:35+00:00| seen| https://t.me/cibsecurity/28172 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39320.yaml...

6.1CVSS6AI score0.02335EPSS
Exploits1References2
NVD
NVD
added 2021/09/01 3:15 p.m.10 views

CVE-2021-39320

The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...

6.1CVSS0.02335EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/01 2:15 p.m.19 views

CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting

The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...

6.1CVSS6.2AI score0.02335EPSS
Exploits1References2
CVE
CVE
added 2021/09/01 2:15 p.m.75 views

CVE-2021-39320

CVE-2021-39320 affects the WordPress Under Construction plugin (versions

6.1CVSS6AI score0.02335EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/01 2:15 p.m.6 views

CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting

The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...

6.1CVSS6.1AI score0.02335EPSS
Exploits1References2
Rows per page
Query Builder