Vulnerabilities > CVE-2022-0840 - Unspecified vulnerability in Cybernetikz Easy Social Icons
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.