PT-2022-9486 · Accesspress · Accesspress Themes

Harald Eilertsen

Published

2022-01-25

Updated

2022-03-02

CVE-2021-24867

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AccessPress Themes plugins and themes versions (affected versions not specified)

Description The AccessPress Themes vendor's website was compromised, resulting in numerous plugins and themes being backdoored. Only plugins and themes downloaded via the vendor's website are affected, while those hosted on wordpress.org are not. The affected plugins and themes have been updated or removed to avoid confusion.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Hidden Functionality

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-912

Related Identifiers

CVE-2021-24867

Affected Products

Accesspress Themes

PT-2022-9486 · Accesspress · Accesspress Themes

CVE-2021-24867

Weakness Enumeration

Related Identifiers

Affected Products

References · 7