What is the severity of CVE-2021-38340?

CVE-2021-38340 is classified as a medium severity vulnerability due to its potential for reflected Cross-Site Scripting.

How do I fix CVE-2021-38340?

To fix CVE-2021-38340, update the WordPress Simple Shop plugin to version 1.3 or later.

What kind of attack can be executed using CVE-2021-38340?

CVE-2021-38340 allows attackers to execute reflected Cross-Site Scripting attacks using the update_row parameter.

Which versions of the WordPress Simple Shop plugin are affected by CVE-2021-38340?

CVE-2021-38340 affects all versions of the WordPress Simple Shop plugin up to and including version 1.2.

Where in the code can I find the vulnerability for CVE-2021-38340?

The vulnerability for CVE-2021-38340 can be found in the ~/includes/add_product.php file, specifically involving the update_row parameter.

Vulnerability/
CVE-2021-38340

medium

6.1

CWE

9/9/2021

4/8/2024

CVE-2021-38340: Wordpress Simple Shop <= 1.2 Reflected Cross-Site Scripting

First published: Thu Sep 09 2021(Updated: )

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
WordPress	<=1.2

Remedy

Uninstall plugin from WordPress site.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-38340?
CVE-2021-38340 is classified as a medium severity vulnerability due to its potential for reflected Cross-Site Scripting.
How do I fix CVE-2021-38340?
To fix CVE-2021-38340, update the WordPress Simple Shop plugin to version 1.3 or later.
What kind of attack can be executed using CVE-2021-38340?
CVE-2021-38340 allows attackers to execute reflected Cross-Site Scripting attacks using the update_row parameter.
Which versions of the WordPress Simple Shop plugin are affected by CVE-2021-38340?
CVE-2021-38340 affects all versions of the WordPress Simple Shop plugin up to and including version 1.2.
Where in the code can I find the vulnerability for CVE-2021-38340?
The vulnerability for CVE-2021-38340 can be found in the ~/includes/add_product.php file, specifically involving the update_row parameter.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/title
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/wordpress simple shop project
canonical/wordpress
version/wordpress/1.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2021-38340?
CVE-2021-38340 is classified as a medium severity vulnerability due to its potential for reflected Cross-Site Scripting.
How do I fix CVE-2021-38340?
To fix CVE-2021-38340, update the WordPress Simple Shop plugin to version 1.3 or later.
What kind of attack can be executed using CVE-2021-38340?
CVE-2021-38340 allows attackers to execute reflected Cross-Site Scripting attacks using the update_row parameter.
Which versions of the WordPress Simple Shop plugin are affected by CVE-2021-38340?
CVE-2021-38340 affects all versions of the WordPress Simple Shop plugin up to and including version 1.2.
Where in the code can I find the vulnerability for CVE-2021-38340?
The vulnerability for CVE-2021-38340 can be found in the ~/includes/add_product.php file, specifically involving the update_row parameter.