Easy Social Icons < 3.0.9 – Reflected Cross-Site Scripting | CVE 2021-39322

Affects Plugins

easy-social-icons

Fixed in 3.0.9

References

CVE

CVE-2021-39322

URL

https://www.wordfence.com/blog/2021/09/php_selfish-part-2-reflected-xss-in-easy-social-icons/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

Yes

WPVDB ID

5e0bf0b6-9809-426b-b1d4-1fb653083b58

Timeline

Publicly Published

2021-08-30 (about 4 years ago)

Added

2021-09-01 (about 4 years ago)

Last Updated

2022-04-09 (about 3 years ago)

Other

Published

Title

Published

2022-12-06

Title

WP User <= 7.0 - Admin+ Stored XSS

Published

2025-10-09

Title

Salient Shortcodes < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-09-03

Title

The Ultimate WordPress Toolkit – WP Extended < 3.0.9 - Reflected Cross-Site Scripting via page

Published

2023-07-11

Title

Post SMTP < 2.5.8 - Unauthenticated Stored Cross-Site Scripting via Email Contents

Published

2023-10-03

Title

Instagram for WordPress <= 2.1.6 - Contributor+ Stored XSS