← back
CVE-2015-2084

CVE-2015-2084

EPSS 2.6%
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/130461/WordPress-Easy-Social-Icons-1.2.2-CSRF-XSS.htmlunverifiedcve_referencewww.exploit-db.com/exploits/36161unverifiedexploitdbwww.exploit-db.com/exploits/36161unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/130461/WordPress-Easy-Social-Icons-1.2.2-CSRF-XSS.htmlhttp://seclists.org/fulldisclosure/2015/Feb/76https://wordpress.org/plugins/easy-social-icons/changelog/http://www.exploit-db.com/exploits/36161http://www.securityfocus.com/bid/74893