mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 17:50:34 +00:00
879 B
879 B
CVE-2022-0840
&color=brighgreen)
Description
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.
POC
Reference
- https://wpscan.com/vulnerability/9da884a9-b4dd-4de0-9afa-722f772cf2df
- https://wpscan.com/vulnerability/9da884a9-b4dd-4de0-9afa-722f772cf2df
Github
No PoCs found on GitHub currently.