WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion

Description

The plugin does not have authorisation and CSRF checks when deleting icons, allowing unauthenticated user to delete arbitrary icons

Proof of Concept

https://example.com/?cnss-delete=&id=1

Affects Plugins

easy-social-icons
Fixed in version 3.2.1

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Jan w Oleju

Submitter

Jan w Oleju

Verified

Yes

WPVDB ID
e34deaa8-3848-48ae-800b-d50c88693727

Timeline

Publicly Published

2022-03-21 (about 1 years ago)

Added

2022-03-21 (about 1 years ago)

Last Updated

2022-03-21 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin