The Easy Social Icons plugin <= 3.0.8 for WordPress echoes the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations, including Apache+modPHP, this makes it possible to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path. (CVSS:0.0) (Last Update:2021-09-02)
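
The pattern described above, shown beside a hardened form. This is an added example, not the plugin's source: the function names, the `/index.php` path and the sample request value are assumptions constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not from the plugin.

// Vulnerable pattern: PHP_SELF contains the script name plus any extra
// path info the client appended to it, so echoing it raw reflects
// client-controlled text into the page.
function form_action_raw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for the HTML attribute context before output.
// In WordPress code, esc_url() or esc_attr() serve this purpose;
// htmlspecialchars() keeps this example runnable without WordPress.
function form_action_escaped(array $server): string
{
    $action = htmlspecialchars(
        $server['PHP_SELF'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $action . '">';
}

// Alternative: SCRIPT_NAME omits the trailing path info, so the
// client-supplied suffix never reaches the output. Still escaped on
// output as defence in depth.
function form_action_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed sample: a request whose path carries trailing path info
// with attribute-breaking characters (a harmless marker, not a script).
$server = [
    'PHP_SELF'    => '/index.php/"><i>marker</i>',
    'SCRIPT_NAME' => '/index.php',
];

echo form_action_raw($server), "\n";         // marker escapes the attribute
echo form_action_escaped($server), "\n";     // marker stays inside action=""
echo form_action_script_name($server), "\n"; // marker is absent entirely
```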

