CVE-2021-47910

MEDIUM

WordPress Plugin AccessPress Social Icons 1.8.2 Stored XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47910. PoCs published by Murat DEMİRCİ.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the WordPress plugin AccessPress Social Icons 1.8.2. The attacker injects malicious JavaScript into the 'icon title' field, which is then stored in the database and executed when rendered.

Description

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execute when the plugin page is viewed, affecting all users who access the plugin interface.

Exploits (1)

exploitdb WORKING POC

by Murat DEMİRCİ · textwebappsphp

https://www.exploit-db.com/exploits/50515

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the WordPress plugin AccessPress Social Icons 1.8.2. The attacker injects malicious JavaScript into the 'icon title' field, which is then stored in the database and executed when rendered.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin AccessPress Social Icons 1.8.2

Auth required

Prerequisites: WordPress installation · AccessPress Social Icons plugin version 1.8.2 · Admin access to the plugin settings

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 10, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-50515

https://www.exploit-db.com/exploits/50515

Product product

Official Product Homepage

https://accesspressthemes.com/

Product product

Product Reference

https://wordpress.org/plugins/accesspress-social-icons/

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin AccessPress Social Icons 1.8.2 Stored XSS

https://www.vulncheck.com/advisories/wordpress-plugin-accesspress-social-icons-stored-xss

Scores

CVSS v3 6.4

EPSS 0.0024

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Accesspressthemes/AccessPress Social Icons 1.8.2

Published May 10, 2026

Tracked Since May 10, 2026