CRITICAL🇬🇧 English

CVE-2021-24867

CVSS 9.8v3.1pub. 2022-02-21upd. 2024-11-21

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Accesspressthemes Accessbuddy

    APP
    Accesspressthemes
    1.0.0
  • Accesspressthemes Accesspress Anonymous Post

    APP
    Accesspressthemes
    2.8.0
  • Accesspressthemes Accesspress Basic

    APP
    Accesspressthemes
    3.2.1
  • Accesspressthemes Accesspress Custom Css

    APP
    Accesspressthemes
    2.0.1
  • Accesspressthemes Accesspress Custom Post Type

    APP
    Accesspressthemes
    1.0.8
  • Accesspressthemes Accesspress Ifeeds

    APP
    Accesspressthemes
    4.0.3
  • Accesspressthemes Accesspress Lite

    APP
    Accesspressthemes
    2.92
  • Accesspressthemes Accesspress Mag

    APP
    Accesspressthemes
    2.6.5
  • Accesspressthemes Accesspress Parallax

    APP
    Accesspressthemes
    4.5
  • Accesspressthemes Accesspress Ray

    APP
    Accesspressthemes
    1.19.5
  • Accesspressthemes Accesspress Root

    APP
    Accesspressthemes
    2.5
  • Accesspressthemes Accesspress Social Counter

    APP
    Accesspressthemes
    1.9.1
  • Accesspressthemes Accesspress Social Icons

    APP
    Accesspressthemes
    1.8.2
  • Accesspressthemes Accesspress Social Login Lite

    APP
    Accesspressthemes
    3.4.7
  • Accesspressthemes Accesspress Social Share

    APP
    Accesspressthemes
    4.5.5
  • Accesspressthemes Accesspress Staple

    APP
    Accesspressthemes
    1.9.1
  • Accesspressthemes Accesspress Store

    APP
    Accesspressthemes
    2.4.9
  • Accesspressthemes Agency Lite

    APP
    Accesspressthemes
    1.1.6
  • Accesspressthemes Ap Companion

    APP
    Accesspressthemes
    < 1.0.7
  • Accesspressthemes Ap Contact Form

    APP
    Accesspressthemes
    1.0.6
  • Accesspressthemes Ap Custom Testimonial

    APP
    Accesspressthemes
    1.4.6
  • Accesspressthemes Apex Notification Bar Lite

    APP
    Accesspressthemes
    2.0.4
  • Accesspressthemes Aplite

    APP
    Accesspressthemes
    1.0.6
  • Accesspressthemes Ap Mega Menu

    APP
    Accesspressthemes
    3.0.5
  • Accesspressthemes Ap Pricing Tables Lite

    APP
    Accesspressthemes
    1.1.2
  • Accesspressthemes Badge Designer Lite For Woocommerce

    APP
    Accesspressthemes
    1.1.0
  • Accesspressthemes Bingle

    APP
    Accesspressthemes
    1.0.4
  • Accesspressthemes Bloger

    APP
    Accesspressthemes
    1.2.6
  • Accesspressthemes Comments Disable Accesspress

    APP
    Accesspressthemes
    1.0.7
  • Accesspressthemes Construction Lite

    APP
    Accesspressthemes
    1.2.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-15919CRITICAL9.8ten sam produkt

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object ...

CVE-2023-28661HIGH8.8ten sam produkt

The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnera...

CVE-2022-23911HIGH7.2ten sam produkt

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter b...

CVE-2021-24858HIGH7.2ten sam produkt

The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parame...

CVE-2021-39317HIGH8.8ten sam produkt

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious fi...