Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon
The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...