Vulmon
cybernetikz easy social icons vulnerabilities and exploits
4.8 CVSSv3
CVE-2022-0840
The Easy Social Icons WordPress plugin prior to 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.
Cybernetikz Easy Social Icons
7.2 CVSSv3
CVE-2022-0887
The Easy Social Icons WordPress plugin prior to 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.
Cybernetikz Easy Social Icons
6.1 CVSSv3
CVE-2021-39322
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting...
Cybernetikz Easy Social Icons
5.4 CVSSv3
CVE-2023-48336
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS. This issue affects Easy Social Icons: from n/a up to and including 3.2.4.
Cybernetikz Easy Social Icons
NA
CVE-2015-2084
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin prior to 1.2.3 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in a...
Cybernetikz Easy Social Icons
1 EDB exploit