Description
WordPress Plugin AccessPress Social Counter [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin AccessPress Social Counter version 1.9.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.2 or latest
References
Related Vulnerabilities
WordPress Plugin Easy PayPal Events Cross-Site Scripting (1.1.1)
WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5)
WordPress Plugin Amazon JS Cross-Site Scripting (0.10)
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20417)
Claroline Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3262)