Vulnerabilities > Accesspressthemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-21 | CVE-2021-24867 | Hidden Functionality vulnerability in Accesspressthemes products. Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. | 9.8 |
2022-02-14 | CVE-2021-25107 | Cross-site Scripting vulnerability in Accesspressthemes Form Store to DB. The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against admin | 6.1 |
2022-01-24 | CVE-2021-24858 | SQL Injection vulnerability in Accesspressthemes WP Cookie User Info. The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection. | 7.2 |
2021-10-11 | CVE-2021-39317 | Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes products. A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. | 8.8 |
2021-03-18 | CVE-2021-24143 | SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons. Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | 8.8 |
2020-09-14 | CVE-2020-25378 | Cross-site Scripting vulnerability in Accesspressthemes WP Floating Menu 1.3.0. WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | 6.1 |
2017-12-19 | CVE-2017-16949 | Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes Anonymous Post PRO. An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. | 9.8 |
2017-10-26 | CVE-2017-15919 | SQL Injection vulnerability in Accesspressthemes Ultimate-Form-Builder-Lite. The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | 9.8 |