6 matches found
CVE-2021-39322
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
Cross site scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
CVE-2021-39322 Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
Cross site scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320
CVE-2021-39320 affects the WordPress Under Construction plugin (versions
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...