CVE-2021-34643 Scanner
CVE-2021-34643 scanner - Cross-Site Scripting (XSS) vulnerability in Skaut bazar plugin for WordPress
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Skaut bazar is a WordPress plugin that lets users create a classified website where individuals can sell, buy, or exchange goods and services. The plugin's features include creating multiple categories and subcategories, searching for items by category or keyword, and browsing items through easy-to-use filter options. It was designed to simplify the process of setting up a classified website, thereby making it accessible to everyone.
However, a vulnerability, CVE-2021-34643, has been discovered in the Skaut bazar WordPress plugin. It is caused by the plugin's use of $_SERVER['PHP_SELF'], which allows attackers to inject arbitrary web scripts. In essence, the vulnerability gives attackers access to the system's data, which can be used to steal sensitive information such as login credentials, personal information, or financial data.
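As an added example (not part of the original page and not the plugin's or the scanner's code), the following heuristic source check finds reads of $_SERVER['PHP_SELF'] in PHP files that reach output without an encoding helper. The sample PHP lines, the function names and the list of helpers treated as safe are assumptions made for illustration.

```python
import re

# Any read of $_SERVER['PHP_SELF'], with single or double quotes.
PHP_SELF = re.compile(r"""\$_SERVER\s*\[\s*['"]PHP_SELF['"]\s*\]""")

# Output-encoding helpers (WordPress's and PHP's own) treated as safe wrappers.
ESCAPERS = {"esc_url", "esc_attr", "esc_html", "htmlspecialchars", "htmlentities"}


def wrapped_in_escaper(line, pos):
    """True if the text at `pos` lies inside a call to one of ESCAPERS."""
    depth = 0
    for i in range(pos - 1, -1, -1):
        if line[i] == ")":
            depth += 1              # a call that closed before our match
        elif line[i] == "(" and depth:
            depth -= 1
        elif line[i] == "(":        # an open call that encloses the match
            name = re.search(r"([A-Za-z_]\w*)\s*$", line[:i])
            if name and name.group(1) in ESCAPERS:
                return True
    return False


def audit(source):
    """Return (line_number, line) for each PHP_SELF read with no escaper."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        hits = PHP_SELF.finditer(line)
        if any(not wrapped_in_escaper(line, m.start()) for m in hits):
            findings.append((number, line.strip()))
    return findings


# Constructed PHP lines for illustration; not taken from the plugin's source.
SAMPLE = '''<?php
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
echo '<form method="post" action="' . esc_url( $_SERVER['PHP_SELF'] ) . '">';
echo '<a href="' . esc_attr( trim( $_SERVER["PHP_SELF"] ) ) . '">back</a>';
printf( '<form action="%s">', $_SERVER['PHP_SELF'] );
'''

if __name__ == "__main__":
    for number, line in audit(SAMPLE):
        print(f"line {number}: unescaped PHP_SELF -> {line}")
```

The check is line-based and conservative: it flags any read that is not wrapped on the same line, so a hit is a prompt for manual review rather than proof of a flaw.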
When this vulnerability is exploited, it can lead to a domino effect of issues. The most significant is the compromise of sensitive data, which translates into reputational damage to the user’s business or personal brand. Additionally, it could lead to an influx of unauthorized access to the user’s website, which can result in the exploitation of other vulnerabilities.
It is essential to keep abreast of all the latest vulnerabilities present in your systems. With S4E pro features, security becomes personal and replaces guesswork, assumptions, and reports with an active monitoring system that provides the latest data on new and emerging vulnerabilities. This platform provides, in real-time, insights on emerging vulnerabilities, and advice on how to close those gaps found within the digital assets. With pro features, anyone can easily and quickly learn about vulnerabilities in their digital assets.