Vulnerabilities > Accesspressthemes

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-24867 Hidden Functionality vulnerability in Accesspressthemes products
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised.
network
low complexity
accesspressthemes CWE-912
critical
9.8
2022-02-14 CVE-2021-25107 Cross-site Scripting vulnerability in Accesspressthemes Form Store to DB
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
network
low complexity
accesspressthemes CWE-79
6.1
2022-01-24 CVE-2021-24858 SQL Injection vulnerability in Accesspressthemes WP Cookie User Info
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
network
low complexity
accesspressthemes CWE-89
7.2
2021-10-11 CVE-2021-39317 Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes products
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
network
low complexity
accesspressthemes CWE-434
8.8
2021-03-18 CVE-2021-24143 SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
network
low complexity
accesspressthemes CWE-89
8.8
2020-09-14 CVE-2020-25378 Cross-site Scripting vulnerability in Accesspressthemes WP Floating Menu 1.3.0
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
network
low complexity
accesspressthemes CWE-79
6.1
2017-12-19 CVE-2017-16949 Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes Anonymous Post PRO
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress.
network
low complexity
accesspressthemes CWE-434
critical
9.8
2017-10-26 CVE-2017-15919 SQL Injection vulnerability in Accesspressthemes Ultimate-Form-Builder-Lite
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
network
low complexity
accesspressthemes CWE-89
critical
9.8