Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/02c5e10c-1ac7-447e-8ae5-b6d251be750b | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-03-18T14:57:50
Updated: 2021-03-18T14:57:50
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24143
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-18T15:15:15.213
Modified: 2021-03-22T19:44:59.717
Link: CVE-2021-24143
JSON object: View
Redhat Information
No data.
CWE