Vulnerabilities > CVE-2021-24867 - Hidden Functionality vulnerability in Accesspressthemes products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

accesspressthemes

CWE-912

critical

NVD

Published: 2022-02-21

Updated: 2022-03-02

Summary

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

Vulnerable Configurations

Part	Description	Count
Application	Accesspressthemes Accesspressthemes Accessbuddy 1.0.0 Accesspressthemes Accesspress Basic 3.2.1 Accesspressthemes Accesspress Lite 2.92 Accesspressthemes Accesspress MAG 2.6.5 Accesspressthemes Accesspress Parallax 4.5 Accesspressthemes Accesspress RAY 1.19.5 Accesspressthemes Accesspress Root 2.5 Accesspressthemes Accesspress Staple 1.9.1 Accesspressthemes Accesspress Store 2.4.9 Accesspressthemes Agency Lite 1.1.6 Accesspressthemes Aplite 1.0.6 Accesspressthemes Bingle 1.0.4 Accesspressthemes Bloger 1.2.6 Accesspressthemes Construction Lite 1.2.5 Accesspressthemes Doko 1.0.27 Accesspressthemes Enlighten 1.3.5 Accesspressthemes Fashstore 1.2.1 Accesspressthemes Fotography 2.4.0 Accesspressthemes Gaga Corp 1.0.8 Accesspressthemes Gaga Lite 1.4.2 Accesspressthemes ONE Paze 2.2.8 Accesspressthemes Parallax Blog 3.1.1574941215 Accesspressthemes Parallaxsome 1.3.6 Accesspressthemes Punte 1.1.2 Accesspressthemes Revolve 1.3.1 Accesspressthemes Ripple 1.2.0 Accesspressthemes Scrollme 2.1.0 Accesspressthemes Sportsmag 1.2.1 Accesspressthemes Storevilla 1.4.1 Accesspressthemes Swing Lite 1.1.9 Accesspressthemes THE Launcher 1.3.2 Accesspressthemes THE Monday 1.4.1 Accesspressthemes Uncode Lite 1.3.1 Accesspressthemes Unicon Lite 1.2.6 Accesspressthemes Vmag 1.2.7 Accesspressthemes Vmagazine Lite 1.3.5 Accesspressthemes Vmagazine News 1.0.5 Accesspressthemes Zigcy Baby 1.0.6 Accesspressthemes Zigcy Cosmetics 1.0.5 Accesspressthemes Zigcy Lite 2.0.9 Accesspressthemes Accesspress Anonymous Post 2.8.0 Accesspressthemes Accesspress Custom CSS 2.0.1 Accesspressthemes Accesspress Social Share 4.5.5 Accesspressthemes Accesspress Social Login Lite 3.4.7 Accesspressthemes Accesspress Social Icons 1.8.2 Accesspressthemes Accesspress Social Counter 1.9.1 Accesspressthemes PI Button 3.3.3 Accesspressthemes Accesspress Ifeeds 4.0.3 Accesspressthemes Social Auto Poster 2.1.3 Accesspressthemes Accesspress Custom Post Type 1.0.8 Accesspressthemes WP Tfeed 1.6.7 Accesspressthemes Tauto Poster 1.4.5 Accesspressthemes AP Companion * Accesspressthemes AP Contact Form 1.0.6 Accesspressthemes WP Menu Icons Lite * Accesspressthemes Everest TAB Lite 2.0.3 Accesspressthemes Everest Timeline Lite 1.1.1 Accesspressthemes Inline Call TO Action Builder Lite 1.1.0 Accesspressthemes Product Slider FOR Woocommerce Lite 1.1.5 Accesspressthemes Smart Logo Showcase Lite 1.1.7 Accesspressthemes Smart Scroll Posts 2.0.8 Accesspressthemes Smart Scroll TO TOP Lite 1.0.3 Accesspressthemes Total Gdpr Compliance Lite 1.0.4 Accesspressthemes Total Team Lite 1.1.1 Accesspressthemes Ultimate Author BOX Lite 1.1.2 Accesspressthemes Ultimate Form Builder Lite 1.5.0 Accesspressthemes Everest Review Lite 1.0.7 Accesspressthemes Easy Side TAB 1.0.7 Accesspressthemes Everest Admin Theme Lite 1.0.7 Accesspressthemes Everest Coming Soon Lite 1.1.0 Accesspressthemes Everest Comment Rating Lite 2.0.4 Accesspressthemes Everest Counter Lite 2.0.7 Accesspressthemes Everest FAQ Manager Lite 1.0.8 Accesspressthemes Everest Gallery Lite 1.0.8 Accesspressthemes Everest Gplaces Business Reviews 1.0.9 Accesspressthemes AP Mega Menu 3.0.5 Accesspressthemes AP Pricing Tables Lite 1.1.2 Accesspressthemes Apex Notification BAR Lite 2.0.4 Accesspressthemes Form Store TO DB 1.0.9 Accesspressthemes Comments Disable Accesspress 1.0.7 Accesspressthemes AP Custom Testimonial 1.4.6 Accesspressthemes Badge Designer Lite FOR Woocommerce 1.1.0 Accesspressthemes WP 1 Slider 1.2.9 Accesspressthemes WP Blog Manager Lite 1.1.0 Accesspressthemes WP Comment Designer Lite 2.0.3 Accesspressthemes WP Cookie User Info 1.0.7 Accesspressthemes Social Review * Accesspressthemes Mcontact Button * Accesspressthemes WP Floating Menu 1.4.4 Accesspressthemes WP Media Manager Lite 1.1.2 Accesspressthemes WP Popup Banners 1.2.3 Accesspressthemes WP Popup Lite 1.0.8 Accesspressthemes WP Product Gallery Lite 1.1.1	93

Common Weakness Enumeration (CWE)

CWE-912 - Hidden Functionality

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References