CVE-2021-25120

MEDIUM NUCLEI

Easy Social Feed Free and Pro < 6.2.7 - Reflected Cross-Site Scripting via AJAX Parameters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-25120 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues

Nuclei Templates (1)

Easy Social Feed < 6.2.7 - Cross-Site Scripting
MEDIUMby dhiyaneshDk

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6

Scores

CVSS v3 6.1
EPSS 0.0286
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
easysocialfeed/easy_social_feed < 6.2.7
easysocialfeed/easy_social_feed < 6.3.4
Published Apr 18, 2022
Tracked Since Feb 18, 2026