CVE-2015-2084

Name of the Vulnerable Software and Affected Versions Easy Social Icons plugin versions prior to 1.2.3

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the image file parameter in an edit action in the "cnss social icon add" page to "wp-admin/admin.php".

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cnss social icon add" page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the image file parameter in the affected edit action until the issue is resolved.