Cross-Site Request Forgery Vulnerability in Easy Social Icons Plugin for WordPress
CVE-2015-2084

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 25 February 2015

What is CVE-2015-2084?

The Easy Social Icons plugin for WordPress is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to abuse an authenticated administrator's session. By supplying the image_file parameter in an edit action on the cnss_social_icon_add page of wp-admin/admin.php, an attacker might trick an administrator into submitting a request the administrator did not intend, so that unauthorized commands run with the administrator's privileges. This vulnerability poses a significant threat because it could lead to cross-site scripting (XSS) attacks, compromising the overall security of the WordPress site.
