Lucene search

WPScanCVELIST:CVE-2021-24143

HistoryMar 18, 2021 - 2:57 p.m.

CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

2021-03-1814:57:50

CWE-89

WPScan

www.cve.org

cve-2021-24143

accesspress social icons

sql injection

unvalidated input

widget attribute

post permission

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.

CNA Affected

[
  {
    "product": "AccessPress Social Icons",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.8.1",
        "status": "affected",
        "version": "1.8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/02c5e10c-1ac7-447e-8ae5-b6d251be750b