CVE-2026-7659
Stored XSS in Advanced Social Media Icons WordPress Plugin
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| riotweb | advanced_social_media_icons | to 1.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the `social` shortcode in all versions up to and including 1.2.
This vulnerability arises because the plugin does not properly sanitize or escape user-supplied attributes, allowing authenticated users with Contributor-level access or higher to inject arbitrary web scripts.
These injected scripts execute whenever any user accesses the page containing the malicious shortcode.
How can this vulnerability impact me? :
This vulnerability can allow attackers with Contributor-level access to inject malicious scripts into WordPress pages.
When other users visit these pages, the malicious scripts execute in their browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions.
Because the attack is stored, the malicious code persists on the site and affects all visitors to the infected pages.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the Advanced Social Media Icons plugin version 1.2 or earlier on your WordPress site, as these versions are vulnerable.
Since the vulnerability is a Stored Cross-Site Scripting (XSS) via the `social` shortcode, you can look for suspicious or unexpected script tags or JavaScript code within pages or posts that use this shortcode.
Commands to assist detection might include searching the WordPress database for the shortcode usage and inspecting content for injected scripts. For example, using WP-CLI to search posts:
- wp db query "SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[social%'"
Then manually review the returned post_content fields for suspicious script injections.
Additionally, monitoring HTTP responses for unexpected JavaScript execution or using web application scanners that detect stored XSS vulnerabilities on pages using the `social` shortcode can help.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the Advanced Social Media Icons plugin, as it is no longer maintained and has known vulnerabilities.
Since the plugin was closed and is no longer available for download, it is recommended to uninstall it and replace it with a maintained alternative.
Additionally, restrict Contributor-level and above users from adding or editing content that uses the `social` shortcode until the plugin is removed.
Review and clean any existing posts or pages that may have injected scripts via the shortcode to prevent stored XSS execution.
Implement web application firewall (WAF) rules to block malicious script injections and monitor for suspicious activity related to this vulnerability.