← Back

CVE-2021-24867

nvd nist
Published: Feb 21, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

Affected (93)

Products: Accesspressthemes: Accessbuddy, Accesspress Anonymous Post, Accesspress Basic, Accesspress Custom Css, Accesspress Custom Post Type, Accesspress Ifeeds, Accesspress Lite, Accesspress Mag, Accesspress Parallax, Accesspress Ray, Accesspress Root, Accesspress Social Counter, Accesspress Social Icons, Accesspress Social Login Lite, Accesspress Social Share, Accesspress Staple, Accesspress Store, Agency Lite, Ap Companion, Ap Contact Form, Ap Custom Testimonial, Ap Mega Menu, Ap Pricing Tables Lite, Apex Notification Bar Lite, Aplite, Badge Designer Lite For Woocommerce, Bingle, Bloger, Comments Disable Accesspress, Construction Lite, Doko, Easy Side Tab, Enlighten, Everest Admin Theme Lite, Everest Coming Soon Lite, Everest Comment Rating Lite, Everest Counter Lite, Everest Faq Manager Lite, Everest Gallery Lite, Everest Gplaces Business Reviews, Everest Review Lite, Everest Tab Lite, Everest Timeline Lite, Fashstore, Form Store To Db, Fotography, Gaga Corp, Gaga Lite, Inline Call To Action Builder Lite, Mcontact Button, One Paze, Parallax Blog, Parallaxsome, Pi Button, Product Slider For Woocommerce Lite, Punte, Revolve, Ripple, Scrollme, Smart Logo Showcase Lite, Smart Scroll Posts, Smart Scroll To Top Lite, Social Auto Poster, Social Review, Sportsmag, Storevilla, Swing Lite, Tauto Poster, The Launcher, The Monday, Total Gdpr Compliance Lite, Total Team Lite, Ultimate Form Builder Lite, Ultimate Author Box Lite, Uncode Lite, Unicon Lite, Vmag, Vmagazine Lite, Vmagazine News, Wp 1 Slider, Wp Blog Manager Lite, Wp Comment Designer Lite, Wp Cookie User Info, Wp Floating Menu, Wp Media Manager Lite, Wp Menu Icons Lite, Wp Popup Banners, Wp Popup Lite, Wp Product Gallery Lite, Wp Tfeed, Zigcy Baby, Zigcy Cosmetics, Zigcy Lite
Accesspressthemes
93 products
Accessbuddy
Accesspress Anonymous Post
Accesspress Basic
Accesspress Custom Css
Accesspress Custom Post Type
Accesspress Ifeeds
Accesspress Lite
Accesspress Mag
Accesspress Parallax
Accesspress Ray
Accesspress Root
Accesspress Social Counter
Accesspress Social Icons
Accesspress Social Login Lite
Accesspress Social Share
Accesspress Staple
Accesspress Store
Agency Lite
Ap Companion
Ap Contact Form
Ap Custom Testimonial
Ap Mega Menu
Ap Pricing Tables Lite
Apex Notification Bar Lite
Aplite
Badge Designer Lite For Woocommerce
Bingle
Bloger
Comments Disable Accesspress
Construction Lite
Doko
Easy Side Tab
Enlighten
Everest Admin Theme Lite
Everest Coming Soon Lite
Everest Comment Rating Lite
Everest Counter Lite
Everest Faq Manager Lite
Everest Gallery Lite
Everest Gplaces Business Reviews
Everest Review Lite
Everest Tab Lite
Everest Timeline Lite
Fashstore
Form Store To Db
Fotography
Gaga Corp
Gaga Lite
Inline Call To Action Builder Lite
Mcontact Button
One Paze
Parallax Blog
Parallaxsome
Pi Button
Product Slider For Woocommerce Lite
Punte
Revolve
Ripple
Scrollme
Smart Logo Showcase Lite
Smart Scroll Posts
Smart Scroll To Top Lite
Social Auto Poster
Social Review
Sportsmag
Storevilla
Swing Lite
Tauto Poster
The Launcher
The Monday
Total Gdpr Compliance Lite
Total Team Lite
Ultimate Form Builder Lite
Ultimate Author Box Lite
Uncode Lite
Unicon Lite
Vmag
Vmagazine Lite
Vmagazine News
Wp 1 Slider
Wp Blog Manager Lite
Wp Comment Designer Lite
Wp Cookie User Info
Wp Floating Menu
Wp Media Manager Lite
Wp Menu Icons Lite
Wp Popup Banners
Wp Popup Lite
Wp Product Gallery Lite
Wp Tfeed
Zigcy Baby
Zigcy Cosmetics
Zigcy Lite
Configuration A
93 vulnerable
Vulnerable SoftwareAffected Versions
Accessbuddy
Version 1.0.0
Accesspress Anonymous Post
Version 2.8.0
Accesspress Basic
Version 3.2.1
Accesspress Custom Css
Version 2.0.1
Accesspress Custom Post Type
Version 1.0.8
Accesspress Ifeeds
Version 4.0.3
Accesspress Lite
Version 2.92
Accesspress Mag
Version 2.6.5
Accesspress Parallax
Version 4.5
Accesspress Ray
Version 1.19.5
Accesspress Root
Version 2.5
Accesspress Social Counter
Version 1.9.1
Accesspress Social Icons
Version 1.8.2
Accesspress Social Login Lite
Version 3.4.7
Accesspress Social Share
Version 4.5.5
Accesspress Staple
Version 1.9.1
Accesspress Store
Version 2.4.9
Agency Lite
Version 1.1.6
Ap Companion
Before 1.0.7
Ap Contact Form
Version 1.0.6
Ap Custom Testimonial
Version 1.4.6
Ap Mega Menu
Version 3.0.5
Ap Pricing Tables Lite
Version 1.1.2
Apex Notification Bar Lite
Version 2.0.4
Aplite
Version 1.0.6
Badge Designer Lite For Woocommerce
Version 1.1.0
Bingle
Version 1.0.4
Bloger
Version 1.2.6
Comments Disable Accesspress
Version 1.0.7
Construction Lite
Version 1.2.5
Doko
Version 1.0.27
Easy Side Tab
Version 1.0.7
Enlighten
Version 1.3.5
Everest Admin Theme Lite
Version 1.0.7
Everest Coming Soon Lite
Version 1.1.0
Everest Comment Rating Lite
Version 2.0.4
Everest Counter Lite
Version 2.0.7
Everest Faq Manager Lite
Version 1.0.8
Everest Gallery Lite
Version 1.0.8
Everest Gplaces Business Reviews
Version 1.0.9
Everest Review Lite
Version 1.0.7
Everest Tab Lite
Version 2.0.3
Everest Timeline Lite
Version 1.1.1
Fashstore
Version 1.2.1
Form Store To Db
Version 1.0.9
Fotography
Version 2.4.0
Gaga Corp
Version 1.0.8
Gaga Lite
Version 1.4.2
Inline Call To Action Builder Lite
Version 1.1.0
Mcontact Button
Before 2.0.7
One Paze
Version 2.2.8
Parallax Blog
Version 3.1.1574941215
Parallaxsome
Version 1.3.6
Pi Button
Version 3.3.3
Product Slider For Woocommerce Lite
Version 1.1.5
Punte
Version 1.1.2
Revolve
Version 1.3.1
Ripple
Version 1.2.0
Scrollme
Version 2.1.0
Smart Logo Showcase Lite
Version 1.1.7
Smart Scroll Posts
Version 2.0.8
Smart Scroll To Top Lite
Version 1.0.3
Social Auto Poster
Version 2.1.3
Social Review
Before 1.0.9
Sportsmag
Version 1.2.1
Storevilla
Version 1.4.1
Swing Lite
Version 1.1.9
Tauto Poster
Version 1.4.5
The Launcher
Version 1.3.2
The Monday
Version 1.4.1
Total Gdpr Compliance Lite
Version 1.0.4
Total Team Lite
Version 1.1.1
Ultimate Form Builder Lite
Version 1.5.0
Ultimate Author Box Lite
Version 1.1.2
Uncode Lite
Version 1.3.1
Unicon Lite
Version 1.2.6
Vmag
Version 1.2.7
Vmagazine Lite
Version 1.3.5
Vmagazine News
Version 1.0.5
Wp 1 Slider
Version 1.2.9
Wp Blog Manager Lite
Version 1.1.0
Wp Comment Designer Lite
Version 2.0.3
Wp Cookie User Info
Version 1.0.7
Wp Floating Menu
Version 1.4.4
Wp Media Manager Lite
Version 1.1.2
Wp Menu Icons Lite
Before 1.0.9
Wp Popup Banners
Version 1.2.3
Wp Popup Lite
Version 1.0.8
Wp Product Gallery Lite
Version 1.1.1
Wp Tfeed
Version 1.6.7
Zigcy Baby
Version 1.0.6
Zigcy Cosmetics
Version 1.0.5
Zigcy Lite
Version 2.0.9

Related CWEs

CWE-912
Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (4)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.