PT-2021-15689 · WordPress · Accesspress Social Icons

Nguyen Van Khanh

Published

2021-03-18

Updated

2021-03-22

CVE-2021-24143

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AccessPress Social Icons plugin versions prior to 1.8.1

Description: The issue is related to unvalidated input in the AccessPress Social Icons plugin, which did not sanitize its widget attribute. This allowed accounts with post permission, such as authors, to perform SQL injections.

Recommendations: For AccessPress Social Icons plugin versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting post permission to trusted users until the update is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-24143

Affected Products

Accesspress Social Icons

PT-2021-15689 · WordPress · Accesspress Social Icons

CVE-2021-24143

Weakness Enumeration

Related Identifiers

Affected Products

References · 4