Vulnerabilities > Accesspressthemes

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-26532 Unspecified vulnerability in Accesspressthemes Social Auto Poster
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
network
low complexity
accesspressthemes
8.8
2023-11-13 CVE-2023-26518 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes WP Tfeed
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.
network
low complexity
accesspressthemes CWE-352
8.8
2023-06-05 CVE-2022-4946 Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.
network
low complexity
accesspressthemes
5.4
2023-03-20 CVE-2023-0175 Unspecified vulnerability in Accesspressthemes Smart Logo Showcase Lite
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
accesspressthemes
5.4
2022-04-18 CVE-2022-23975 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
4.3
2022-04-18 CVE-2022-23976 Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
5.8
2022-03-21 CVE-2022-0628 Cross-site Scripting vulnerability in Accesspressthemes AP Mega Menu
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
4.3
2022-02-28 CVE-2022-23911 SQL Injection vulnerability in Accesspressthemes AP Custom Testimonial
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
network
low complexity
accesspressthemes CWE-89
6.5
2022-02-28 CVE-2022-23912 Cross-site Scripting vulnerability in Accesspressthemes AP Custom Testimonial
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
4.3
2022-02-21 CVE-2021-24867 Hidden Functionality vulnerability in Accesspressthemes products
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised.
network
low complexity
accesspressthemes CWE-912
7.5