Wordpress plugin accesspress social icons 1.8.2 icon title stored crosssite scripting (xss) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-11-12 | Type : webapps | Platform : php
This exploit / vulnerability Wordpress plugin accesspress social icons 1.8.2 icon title stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
# Date: 11/12/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://accesspressthemes.com/
# Software Link: https://wordpress.org/plugins/accesspress-social-icons/
# Version: 1.8.2
# Tested on : Windows 10

#Poc:

1. Install Latest WordPress
2. Install and activate AccessPress Social Icons 1.8.2
3. Open plugin on the left frame and keep going "add new" field. Click "Choose icon indiviually" and fill other fields.
4. Enter JavaScript payload which is mentioned below into 'icon title' field and "Add Icon to list".

<img src=x onerror=confirm('xss')>

4. You will observe that the payload successfully got stored into the database and alert will be seen on the screen.

Wordpress plugin accesspress social icons 1.8.2 icon title stored crosssite scripting (xss)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Wordpress plugin accesspress social icons 1.8.2 icon title stored crosssite scripting (xss) Vulnerability / Exploit