Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-70741
HistorySep 04, 2021 - 12:00 a.m.

WordPress Easy Social Icons Cross-Site Scripting Vulnerability

2021-09-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
6

0.003 Low

EPSS

Percentile

65.9%

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Easy Social Icons plugin is a WordPress open source application plugin. WordPress Easy Social Icons plugin in version 3.0.8 and earlier has a cross-site scripting vulnerability that originates in main file file $_SERVER[‘PHP_SELF’] lack of user input data validation and filtering of the data at the input, an attacker can use the vulnerability to lure users to click on a request containing malicious leads to the client-side code to steal the user cookie credentials.

0.003 Low

EPSS

Percentile

65.9%