CVE-2021-25120

MEDIUM NUCLEI

WordPress <6.2.7 - XSS

Title source: llm

Description

The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues

Nuclei Templates (1)

Easy Social Feed < 6.2.7 - Cross-Site Scripting

MEDIUMby dhiyaneshDk

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6

Scores

CVSS v3 6.1

EPSS 0.2558

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

easysocialfeed/easy_social_feed < 6.2.7

easysocialfeed/easy_social_feed < 6.3.4

Published Apr 18, 2022

Tracked Since Feb 18, 2026