WordPress Plugin AccessPress Social Icons 1.8.2 Stored XSS Vulnerability Overview Vulnerability Type: Stored Cross-Site Scripting (Stored XSS) Severity: Medium Publication Date: May 10, 2026 CVE Number: CVE-79 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Affected Scope Affected Software: WordPress Plugin AccessPress Social Icons Affected Versions: <= 1.8.2 Attack Conditions: Requires authenticated attackers Attack Vector: Injecting JavaScript payloads into the plugin's "Icon title" field. Impact: Attackers can store XSS payloads (such as image tags with an event handler). These scripts execute when other users visit the plugin page, affecting all users accessing the plugin interface. Remediation Official Product Homepage: Official Product Homepage Product Reference: Product Reference Recommendation: Upgrade to an unaffected version or apply the patch provided by the vendor. References ExploitDB: ExploitDB-50515 Reporter: Murat DEMIRCI (@butterflyhunt3r)