AccessPress Social Icons Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the AccessPress Social Icons WordPress plugin, specifically in version 1.8.2. This vulnerability allows authenticated attackers to inject malicious JavaScript into the 'icon title' field. The injected scripts are executed when the plugin page is accessed, impacting all users who view the plugin interface.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the plugin page.

Reproduction

To reproduce this vulnerability, install WordPress and activate the AccessPress Social Icons plugin version 1.8.2. Navigate to the plugin's 'add new' field and enter a JavaScript payload, such as an image tag with an 'onerror' event, into the 'icon title' field. Once the icon is added to the list, the payload will be executed when the plugin page is viewed.
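The flaw class described above, shown as an added example that is not the plugin's own code: a stored title rendered without encoding, next to the output-encoding and input-sanitizing fixes. All function names and the sample title are hypothetical and constructed for illustration; the plain PHP calls stand in for WordPress's esc_html() and sanitize_text_field().

```php
<?php
// Added illustration; hypothetical names, not taken from AccessPress Social Icons.

// Constructed sample of an 'icon title' value carrying markup.
$title = 'Twitter<img src=x onerror=alert(1)>';

// "Before": the stored title is concatenated into the admin list as-is,
// so any markup in it becomes part of the page.
function render_icon_row_unsafe(string $title): string {
    return '<tr><td class="icon-title">' . $title . '</td></tr>';
}

// Fix on output: encode for the HTML context at render time.
// Inside WordPress, esc_html() (or esc_attr() for attributes) does this job.
function render_icon_row_safe(string $title): string {
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td class="icon-title">' . $encoded . '</td></tr>';
}

// Fix on input: strip markup and collapse whitespace before storing.
// Inside WordPress, sanitize_text_field() does this job.
function sanitize_icon_title(string $raw): string {
    $text = strip_tags($raw);
    $text = preg_replace('/[\r\n\t ]+/', ' ', $text);
    return trim($text);
}

// Check: true if the row contains any tag other than the template's tr/td.
function row_contains_injected_markup(string $html): bool {
    return preg_match('/<(?!\/?(?:tr|td)\b)[a-z!\/]/i', $html) === 1;
}

$rows = [
    'unsafe render'       => render_icon_row_unsafe($title),
    'escaped render'      => render_icon_row_safe($title),
    'sanitized at save'   => render_icon_row_safe(sanitize_icon_title($title)),
];

foreach ($rows as $label => $html) {
    $flag = row_contains_injected_markup($html) ? 'INJECTED MARKUP' : 'clean';
    echo str_pad($label, 20) . $flag . '  ' . $html . PHP_EOL;
}
```

Encoding at render time is the control that matters for titles already stored in the database; sanitizing at save time only protects new entries.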

Added: May 10, 2026, 1:44 PM
Updated: May 10, 2026, 1:44 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.7
exploitability: 6.5
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.