Vulnerabilities > Accesspressthemes > Accesspress Root

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-24867 Hidden Functionality vulnerability in Accesspressthemes products
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised.
network
low complexity
accesspressthemes CWE-912
7.5
2021-10-11 CVE-2021-39317 Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes products
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
network
low complexity
accesspressthemes CWE-434
8.8