CVE-2021-47910

EUVD-2021-34783
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execute when the plugin page is viewed, affecting all users who access the plugin interface.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
accesspressthemesaccesspress_social_icons
1.8.2
CNA
Common Weakness Enumeration
References
https://accesspressthemes.com/
https://wordpress.org/plugins/accesspress-social-icons/
https://www.exploit-db.com/exploits/50515
https://www.vulncheck.com/advisories/wordpress-plugin-accesspress-social-icons-stored-xss