WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

Description

The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.

Proof of Concept

https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing

Payload: [aps-social id="1 and sleep(3)"]

Affects Plugins

accesspress-social-icons
Fixed in version 1.8.1

References

CVE
CVE-2021-24143
URL
https://plugins.trac.wordpress.org/changeset/2409015/accesspress-social-icons/trunk/inc/frontend/shortcode.php?old=2139884
ExploitDB
49115

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

Submitter

khanh

Submitter website
http://research.sun-asterisk.com/
Verified

Yes

WPVDB ID
02c5e10c-1ac7-447e-8ae5-b6d251be750b

Timeline

Publicly Published

2020-11-02 (about 2 years ago)

Added

2020-11-02 (about 2 years ago)

Last Updated

2021-01-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin