mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
964 B
964 B
CVE-2021-39322
&color=brightgreen)
Description
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.