CVE-2021-39322

Name of the Vulnerable Software and Affected Versions: Easy Social Icons plugin versions 3.0.8 and earlier

Description: The issue allows for a reflected Cross-Site Scripting attack by injecting malicious code in the request path on certain configurations, including Apache+modPHP. This is possible because the plugin echoes out the raw value of $ SERVER['PHP SELF'] in its main file.

Recommendations: For versions 3.0.8 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's main file to minimize the risk of reflected Cross-Site Scripting attacks. Avoid using the $ SERVER['PHP SELF'] variable in the plugin's main file until the issue is resolved.