Easy Social Icons <= 1.2.2 – Stored XSS & CSRF | CVE 2015-2084

Affects Plugins

easy-social-icons

Fixed in 1.2.3

References

CVE

CVE-2015-2084

Exploitdb

36161

URL

https://packetstormsecurity.com/files/#130461/

URL

https://seclists.org/fulldisclosure/2015/Feb/76

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

52754e5a-b74e-4055-bc37-be3129e20ef7

Timeline

Publicly Published

2015-02-19 (about 11 years ago)

Added

2015-02-22 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2025-12-07

Title

Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-08-26

Title

Yahoo! WebPlayer <= 2.0.6 - Reflected Cross-Site Scripting

Published

2024-06-05

Title

Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2024-04-04

Title

Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy

Published

2025-04-10

Title

Spark GF Failed Submissions < 1.3.6 - Reflected Cross-Site Scripting