Vulnerabilities > Accesspressthemes

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-26532 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Social Auto Poster
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
network
low complexity
accesspressthemes CWE-352
8.8
2023-11-13 CVE-2023-26518 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes WP Tfeed
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.
network
low complexity
accesspressthemes CWE-352
8.8
2023-06-05 CVE-2022-4946 Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.
network
low complexity
accesspressthemes
5.4
2023-03-22 CVE-2023-28661 SQL Injection vulnerability in Accesspressthemes WP Popup Banners
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
network
low complexity
accesspressthemes CWE-89
8.8
2023-03-20 CVE-2023-0175 Unspecified vulnerability in Accesspressthemes Smart Logo Showcase Lite
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
accesspressthemes
5.4
2022-04-18 CVE-2022-23975 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
network
low complexity
accesspressthemes CWE-352
6.5
2022-04-18 CVE-2022-23976 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
network
low complexity
accesspressthemes CWE-352
8.1
2022-03-21 CVE-2022-0628 Cross-site Scripting vulnerability in Accesspressthemes AP Mega Menu 3.0.5
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
network
low complexity
accesspressthemes CWE-79
6.1
2022-02-28 CVE-2022-23911 SQL Injection vulnerability in Accesspressthemes AP Custom Testimonial 1.4.6
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
network
low complexity
accesspressthemes CWE-89
7.2
2022-02-28 CVE-2022-23912 Cross-site Scripting vulnerability in Accesspressthemes AP Custom Testimonial 1.4.6
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
network
low complexity
accesspressthemes CWE-79
6.1