CVE-2021-39322: 
WordPress vulnerability analysis and mitigation

The Easy Social Icons WordPress plugin versions 3.0.8 and below contains a reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-39322. The vulnerability was discovered on August 20, 2021, and publicly disclosed on August 30, 2021. The issue affects the plugin's main file where it improperly handles the $_SERVER['PHP_SELF'] variable (WPScan).

The vulnerability stems from the plugin's failure to properly escape the $_SERVER['PHP_SELF'] input before outputting it back in an attribute. This security flaw has been assigned a CVSS score of 8.8 (high), and is classified as CWE-79. The vulnerability can be exploited on certain configurations including Apache+modPHP, where attackers can inject malicious code in the request path (CVE Mitre, WPScan).

When exploited, this vulnerability allows attackers to perform reflected Cross-Site Scripting attacks by injecting malicious code in the request path. This could potentially lead to the execution of unauthorized JavaScript code in users' browsers (CVE Mitre).

The vulnerability has been fixed in version 3.0.9 of the Easy Social Icons plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).

The vulnerability was discovered and reported by security researcher Ram Gall from Wordfence (WPScan).