Stored Cross-Site Scripting Vulnerability in AccessPress Social Icons Plugin by AccessPress Themes
CVE-2021-47910

5.1MEDIUM

Key Information:

Vendor: WordPress
Status: Accesspress Social Icons
Vendor: CVE Published:; 10 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-47910?

AccessPress Social Icons version 1.8.2 is vulnerable to a stored cross-site scripting (XSS) attack. The vulnerability allows authenticated users to inject malicious JavaScript payloads through the 'icon title' field. Once the payload is stored, it can be executed when other users access the plugin's interface, potentially compromising user accounts or retrieving sensitive information. This type of attack highlights the importance of proper input validation and sanitization in web applications to prevent unauthorized script execution.

Affected Version(s)

AccessPress Social Icons 1.8.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47910 - Proof of Concept

References

https://www.exploit-db.com/exploits/50515

exploit

https://accesspressthemes.com/

product

https://wordpress.org/plugins/accesspress-social-icons/

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 10, 2026
👾
Exploit known to exist
May 10, 2026
Vulnerability published
May 10, 2026
Vulnerability Reserved
Feb 1, 2026

Credit

Murat DEMIRCI (@butterflyhunt3r)

CVE-2021-47910 Data

JSON

WordPress

Badges

What is CVE-2021-47910?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit