Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
References
| Link | Resource |
|---|---|
| https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Mar 2022, 18:03
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:accesspressthemes:wp_cookie_user_info:1.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_social_counter:1.9.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_review_lite:1.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ap_companion:*:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_basic:3.2.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:the_monday:1.4.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_1_slider:1.2.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_timeline_lite:1.1.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:total_team_lite:1.1.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_gplaces_business_reviews:1.0.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:comments_disable_-_accesspress:1.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:vmagazine_lite:1.3.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:pi_button:3.3.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:one-paze:2.2.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:zigcy_lite:2.0.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:easy_side_tab:1.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:construction_lite:1.2.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_parallax:4.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ap_contact_form:1.0.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_counter_lite:2.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_lite:2.92:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_coming_soon_lite:1.1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:parallaxsome:1.3.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:doko:1.0.27:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:vmag:1.2.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_ray:1.19.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:unicon_lite:1.2.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_product_gallery_lite:1.1.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:product_slider_for_woocommerce_lite:1.1.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:smart_scroll_to_top_lite:1.0.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_custom_css:2.0.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_floating_menu:1.4.4:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_comment_designer_lite:2.0.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_comment_rating_lite:2.0.4:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_ifeeds:4.0.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_blog_manager_lite:1.1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_mag:2.6.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_social_login_lite:3.4.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:smart_logo_showcase_lite:1.1.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:tauto_poster:1.4.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_custom_post_type:1.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:scrollme:2.1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:punte:1.1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_social_share:4.5.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:gaga_lite:1.4.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:enlighten:1.3.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:parallax_blog:3.1.1574941215:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:bloger:1.2.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_store:2.4.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:the_launcher:1.3.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:vmagazine_news:1.0.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:revolve:1.3.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:swing_lite:1.1.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_staple:1.9.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_faq_manager_lite:1.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_gallery_lite:1.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_menu_icons_lite:*:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_anonymous_post:2.8.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accessbuddy:1.0.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ap_custom_testimonial:1.4.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_tfeed:1.6.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ap_mega_menu:3.0.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:badge_designer_lite_for_woocommerce:1.1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:total_gdpr_compliance_lite:1.0.4:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:mcontact_button:*:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:form_store_to_db:1.0.9:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:zigcy_cosmetics:1.0.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_tab_lite:2.0.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ap_pricing_tables_lite:1.1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ultimate_author_box_lite:1.1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:sportsmag:1.2.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:agency_lite:1.1.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:aplite:1.0.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_popup_lite:1.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:storevilla:1.4.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_root:2.5:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:fashstore:1.2.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:smart_scroll_posts:2.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:social_review:*:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:uncode_lite:1.3.1:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:gaga_corp:1.0.8:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:zigcy_baby:1.0.6:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:inline_call_to_action_builder_lite:1.1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:social_auto_poster:2.1.3:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:apex_notification_bar_lite:2.0.4:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:accesspress_social_icons:1.8.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ultimate-form-builder-lite:1.5.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:everest_admin_theme_lite:1.0.7:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:wp_media_manager_lite:1.1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:bingle:1.0.4:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:ripple:1.2.0:*:*:*:*:wordpress:*:* cpe:2.3:a:accesspressthemes:fotography:2.4.0:*:*:*:*:wordpress:*:* |
|
| References | (MISC) https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff - Exploit, Third Party Advisory | |
| References | (MISC) https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| First Time |
Accesspressthemes accesspress Ifeeds
Accesspressthemes inline Call To Action Builder Lite Accesspressthemes ap Custom Testimonial Accesspressthemes wp Cookie User Info Accesspressthemes fashstore Accesspressthemes total Gdpr Compliance Lite Accesspressthemes scrollme Accesspressthemes comments Disable - Accesspress Accesspressthemes bingle Accesspressthemes Accesspressthemes aplite Accesspressthemes smart Scroll To Top Lite Accesspressthemes apex Notification Bar Lite Accesspressthemes accesspress Parallax Accesspressthemes wp Popup Banners Accesspressthemes accesspress Staple Accesspressthemes wp 1 Slider Accesspressthemes smart Logo Showcase Lite Accesspressthemes wp Comment Designer Lite Accesspressthemes form Store To Db Accesspressthemes ultimate Author Box Lite Accesspressthemes accesspress Mag Accesspressthemes everest Gplaces Business Reviews Accesspressthemes everest Timeline Lite Accesspressthemes wp Popup Lite Accesspressthemes accesspress Social Counter Accesspressthemes smart Scroll Posts Accesspressthemes accesspress Root Accesspressthemes everest Faq Manager Lite Accesspressthemes everest Gallery Lite Accesspressthemes accesspress Basic Accesspressthemes the Launcher Accesspressthemes swing Lite Accesspressthemes ap Pricing Tables Lite Accesspressthemes uncode Lite Accesspressthemes accessbuddy Accesspressthemes parallax Blog Accesspressthemes wp Floating Menu Accesspressthemes tauto Poster Accesspressthemes vmagazine Lite Accesspressthemes accesspress Anonymous Post Accesspressthemes accesspress Store Accesspressthemes accesspress Ray Accesspressthemes social Review Accesspressthemes ap Contact Form Accesspressthemes badge Designer Lite For Woocommerce Accesspressthemes social Auto Poster Accesspressthemes wp Blog Manager Lite Accesspressthemes accesspress Social Icons Accesspressthemes agency Lite Accesspressthemes accesspress Custom Css Accesspressthemes storevilla Accesspressthemes everest Counter Lite Accesspressthemes fotography Accesspressthemes wp Menu Icons Lite Accesspressthemes accesspress Lite Accesspressthemes gaga Lite Accesspressthemes zigcy Baby Accesspressthemes construction Lite Accesspressthemes accesspress Custom Post Type Accesspressthemes one-paze Accesspressthemes bloger Accesspressthemes enlighten Accesspressthemes doko Accesspressthemes unicon Lite Accesspressthemes everest Coming Soon Lite Accesspressthemes wp Product Gallery Lite Accesspressthemes vmag Accesspressthemes everest Tab Lite Accesspressthemes gaga Corp Accesspressthemes mcontact Button Accesspressthemes ap Companion Accesspressthemes product Slider For Woocommerce Lite Accesspressthemes everest Review Lite Accesspressthemes everest Comment Rating Lite Accesspressthemes ap Mega Menu Accesspressthemes total Team Lite Accesspressthemes pi Button Accesspressthemes zigcy Cosmetics Accesspressthemes accesspress Social Share Accesspressthemes everest Admin Theme Lite Accesspressthemes sportsmag Accesspressthemes zigcy Lite Accesspressthemes easy Side Tab Accesspressthemes ultimate-form-builder-lite Accesspressthemes ripple Accesspressthemes accesspress Social Login Lite Accesspressthemes revolve Accesspressthemes parallaxsome Accesspressthemes the Monday Accesspressthemes vmagazine News Accesspressthemes punte Accesspressthemes wp Tfeed Accesspressthemes wp Media Manager Lite |
21 Feb 2022, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-02-21 11:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-24867
Mitre link : CVE-2021-24867
CVE.ORG link : CVE-2021-24867
JSON object : View
Products Affected
accesspressthemes
- parallaxsome
- one-paze
- agency_lite
- ripple
- everest_timeline_lite
- accesspress_ray
- fashstore
- gaga_corp
- everest_gplaces_business_reviews
- accesspress_custom_post_type
- vmagazine_lite
- pi_button
- accesspress_lite
- accesspress_staple
- wp_1_slider
- everest_counter_lite
- smart_scroll_to_top_lite
- social_review
- tauto_poster
- everest_tab_lite
- wp_tfeed
- enlighten
- zigcy_lite
- accesspress_basic
- parallax_blog
- revolve
- vmag
- everest_coming_soon_lite
- product_slider_for_woocommerce_lite
- wp_product_gallery_lite
- apex_notification_bar_lite
- zigcy_baby
- accesspress_ifeeds
- wp_menu_icons_lite
- scrollme
- doko
- aplite
- fotography
- ap_contact_form
- wp_blog_manager_lite
- accessbuddy
- smart_scroll_posts
- vmagazine_news
- smart_logo_showcase_lite
- accesspress_mag
- comments_disable_-_accesspress
- accesspress_social_icons
- ap_mega_menu
- storevilla
- wp_popup_lite
- everest_faq_manager_lite
- unicon_lite
- social_auto_poster
- punte
- sportsmag
- gaga_lite
- zigcy_cosmetics
- accesspress_custom_css
- everest_comment_rating_lite
- badge_designer_lite_for_woocommerce
- swing_lite
- everest_gallery_lite
- mcontact_button
- wp_comment_designer_lite
- wp_media_manager_lite
- wp_popup_banners
- bingle
- ultimate-form-builder-lite
- accesspress_parallax
- ap_companion
- ultimate_author_box_lite
- the_monday
- total_team_lite
- accesspress_social_login_lite
- total_gdpr_compliance_lite
- inline_call_to_action_builder_lite
- easy_side_tab
- accesspress_social_share
- construction_lite
- ap_custom_testimonial
- accesspress_root
- the_launcher
- everest_admin_theme_lite
- wp_floating_menu
- ap_pricing_tables_lite
- form_store_to_db
- accesspress_anonymous_post
- uncode_lite
- bloger
- accesspress_social_counter
- wp_cookie_user_info
- accesspress_store
- everest_review_lite
CWE
CWE-912
Hidden Functionality