CVE-2021-24143
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
18 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
Affected products
Unknown · AccessPress Social IconsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →