EUVD-2021-21290

Malware in sbrugna...

CVE-2021-34640

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...

Cross site scripting

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...

CVE-2021-34640 Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...

CVE-2021-34640

CVE-2021-34640 affects the WordPress plugin Securimage-WP-Fixed (versions ≤ 3.5.4). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by using $_SERVER['PHP_SELF'] in the securimage-wp.php file, allowing attackers to inject arbitrary web scripts into the affected site. Impact is ...

Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts PoC https://example.com/wp-admin/options-general.php/"/script%3E?page=securimage-wp-options%2F...

WordPress Securimage-WP-Fixed plugin <= 3.5.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Securimage-WP-Fixed plugin versions = 3.5.4. Solution This plugin has been closed as of August 9, 2021 and is not available for download. This closure is temporary, pending a full review...