{"id":"CVE-2021-34643","details":"The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.","modified":"2026-03-14T11:00:15.905729Z","published":"2021-08-16T19:15:14.477Z","references":[{"type":"EVIDENCE","url":"https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.php#L657"},{"type":"EVIDENCE","url":"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/skaut/skaut-bazar","events":[{"introduced":"0"},{"last_affected":"0c2cebfb2fb599aacadbe4c86016eacec59750b8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.2"}]}}],"versions":["1.0.3","1.2","1.3","1.3.1","1.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34643.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}