1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24143 – AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. Una entrada no comprobada en el plugin AccessPress Social Icons, versiones anteriores a 1.8.1, no saneaba su atributo de widget, permitiendo que cuentas con permiso de publicación, tales como el autor, para llevar a cabo inyecciones SQL • https://wpscan.com/vulnerability/02c5e10c-1ac7-447e-8ae5-b6d251be750b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •