The Easy Social Icons WordPress plugin prior to 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cybernetikz easy social icons |