CVE-2021-34655 MEDIUM

CVE-2021-34655: WP Songbook <= 2.0.11 Reflected Cross-Site Scripting

Vendor Wp Songbook

Product WP Songbook

Weakness CWE-79 · XSS

Published August 16, 2021

Last update May 23, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11.

Key dates

02Disclosure timeline

August 16, 2021 CVE published

May 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-34655

Related vulnerabilities

04Related CVE

CVE-2025-58089 CVE-2021-32856 Microweber vulnerable to Cross-site Scripting CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting CVE-2025-5303 LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter CVE-2026-5825 code-projects Simple Laundry System delmemberinfo.php cross site scripting