CVE-2015-2084
Easy Social Icons < 1.2.2 - Cross-Site Request Forgery via Image File Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-2084. PoCs published by Eric Flokstra.
AI-analyzed exploit summary This PoC demonstrates a combined XSS and CSRF vulnerability in the Easy Social Icons WordPress plugin. It exploits insufficient validation on the 'image_file' parameter to inject arbitrary JavaScript and lacks CSRF tokens, allowing an attacker to trick an admin into executing malicious payloads.
Description
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
Exploits (1)
This PoC demonstrates a combined XSS and CSRF vulnerability in the Easy Social Icons WordPress plugin. It exploits insufficient validation on the 'image_file' parameter to inject arbitrary JavaScript and lacks CSRF tokens, allowing an attacker to trick an admin into executing malicious payloads.