Vulnerabilities > Accesspressthemes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-05 | CVE-2022-4946 | Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4 The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | 5.4 |
| 2023-03-20 | CVE-2023-0175 | Unspecified vulnerability in Accesspressthemes Smart Logo Showcase Lite The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2022-04-18 | CVE-2022-23975 | Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | 4.3 |
| 2022-04-18 | CVE-2022-23976 | Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes Access Demo Importer Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 5.8 |
| 2022-03-21 | CVE-2022-0628 | Cross-site Scripting vulnerability in Accesspressthemes AP Mega Menu The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 4.3 |
| 2022-02-28 | CVE-2022-23911 | SQL Injection vulnerability in Accesspressthemes AP Custom Testimonial The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | 6.5 |
| 2022-02-28 | CVE-2022-23912 | Cross-site Scripting vulnerability in Accesspressthemes AP Custom Testimonial The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting | 4.3 |
| 2022-02-14 | CVE-2021-25107 | Cross-site Scripting vulnerability in Accesspressthemes Form Store to DB The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin | 4.3 |
| 2022-01-24 | CVE-2021-24858 | SQL Injection vulnerability in Accesspressthemes WP Cookie User Info The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection | 6.5 |
| 2021-03-18 | CVE-2021-24143 | SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | 6.5 |