PT-2022-13464 · WordPress · Easy Social Icons

Qerogram

Published

2022-04-11

Updated

2022-04-15

CVE-2022-0840

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Easy Social Icons WordPress plugin versions prior to 3.2.1

Description The issue allows high privileged users to inject arbitrary javascript, even when the unfiltered html capability is disallowed, due to improper escaping of the image file field when adding a new social icon.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-0840

Affected Products

Easy Social Icons

PT-2022-13464 · WordPress · Easy Social Icons

CVE-2022-0840

Weakness Enumeration

Related Identifiers

Affected Products

References · 3