Vulnerabilities > Accesspressthemes > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-11-22 | CVE-2023-26532 | Unspecified vulnerability in Accesspressthemes Social Auto Poster | Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. | network, low complexity, accesspressthemes | 8.8 |
| 2023-11-13 | CVE-2023-26518 | Unspecified vulnerability in Accesspressthemes WP Tfeed | Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. | network, low complexity, accesspressthemes | 8.8 |
| 2023-03-22 | CVE-2023-28661 | SQL Injection vulnerability in Accesspressthemes WP Popup Banners | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | network, low complexity, accesspressthemes, CWE-89 | 8.8 |
| 2022-04-18 | CVE-2022-23976 | Unspecified vulnerability in Accesspressthemes Access Demo Importer | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | network, low complexity, accesspressthemes | 8.1 |
| 2022-02-28 | CVE-2022-23911 | Unspecified vulnerability in Accesspressthemes AP Custom Testimonial 1.4.6 | The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection. | network, low complexity, accesspressthemes | 7.2 |
| 2022-01-24 | CVE-2021-24858 | Unspecified vulnerability in Accesspressthemes WP Cookie User Info | The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection. | network, low complexity, accesspressthemes | 7.2 |
| 2021-10-11 | CVE-2021-39317 | Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes products | A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. | network, low complexity, accesspressthemes, CWE-434 | 8.8 |
| 2021-03-18 | CVE-2021-24143 | SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons | Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | network, low complexity, accesspressthemes, CWE-89 | 8.8 |