Vulnerability Description
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Curl Class Project | Php Curl Class | < 2.3.2 |
| Ht Slider Range For Amazon Affiliates Project | Ht Slider Range For Amazon Affiliates | < 1.1.6 |
| Qiwi | Woo-Qiwi-Payment-Gateway | <= 0.0.9 |
| Teamleade | Teamleader Crm Forms | < 2.1.0 |
| Ptwooplugins | Invoicing With Invoicexpress For Woocommerce | < 3.0.3 |
| Shopello Api Project | Shopello Api | <= 2.9.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-30134?
CVE-2021-30134 is a vulnerability with a CVSS score of 6.1 (MEDIUM). php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
How severe is CVE-2021-30134?
CVE-2021-30134 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-30134?
Check the references section above for vendor advisories and patch information. Affected products include: Php Curl Class Project Php Curl Class, Ht Slider Range For Amazon Affiliates Project Ht Slider Range For Amazon Affiliates, Qiwi Woo-Qiwi-Payment-Gateway, Teamleade Teamleader Crm Forms, Ptwooplugins Invoicing With Invoicexpress For Woocommerce.