Medium severity6.1NVD Advisory· Published Sep 2, 2021· Updated Jun 17, 2026
CVE-2021-39322
CVE-2021-39322
Description
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.0.8
- Range: 3.0.8
Patches
Vulnerability mechanics
References
2- wpvulndb.com/vulnerabilities/5e0bf0b6-9809-426b-b1d4-1fb653083b58nvdExploitThird Party Advisory
- www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.