CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
accesspressthemesaccessbuddy
1.0.0
accesspressthemesaccesspress_anonymous_post
2.8.0
accesspressthemesaccesspress_basic
3.2.1
accesspressthemesaccesspress_custom_css
2.0.1
accesspressthemesaccesspress_custom_post_type
1.0.8
accesspressthemesaccesspress_ifeeds
4.0.3
accesspressthemesaccesspress_lite
2.92
accesspressthemesaccesspress_mag
2.6.5
accesspressthemesaccesspress_parallax
4.5
accesspressthemesaccesspress_ray
1.19.5
accesspressthemesaccesspress_root
2.5
accesspressthemesaccesspress_social_counter
1.9.1
accesspressthemesaccesspress_social_icons
1.8.2
accesspressthemesaccesspress_social_login_lite
3.4.7
accesspressthemesaccesspress_social_share
4.5.5
accesspressthemesaccesspress_staple
1.9.1
accesspressthemesaccesspress_store
2.4.9
accesspressthemesagency_lite
1.1.6
accesspressthemesap_companion
𝑥
< 1.0.7
accesspressthemesap_contact_form
1.0.6
accesspressthemesap_custom_testimonial
1.4.6
accesspressthemesap_mega_menu
3.0.5
accesspressthemesap_pricing_tables_lite
1.1.2
accesspressthemesapex_notification_bar_lite
2.0.4
accesspressthemesaplite
1.0.6
accesspressthemesbadge_designer_lite_for_woocommerce
1.1.0
accesspressthemesbingle
1.0.4
accesspressthemesbloger
1.2.6
accesspressthemescomments_disable_-_accesspress
1.0.7
accesspressthemesconstruction_lite
1.2.5
accesspressthemesdoko
1.0.27
accesspressthemeseasy_side_tab
1.0.7
accesspressthemesenlighten
1.3.5
accesspressthemeseverest_admin_theme_lite
1.0.7
accesspressthemeseverest_coming_soon_lite
1.1.0
accesspressthemeseverest_comment_rating_lite
2.0.4
accesspressthemeseverest_counter_lite
2.0.7
accesspressthemeseverest_faq_manager_lite
1.0.8
accesspressthemeseverest_gallery_lite
1.0.8
accesspressthemeseverest_gplaces_business_reviews
1.0.9
accesspressthemeseverest_review_lite
1.0.7
accesspressthemeseverest_tab_lite
2.0.3
accesspressthemeseverest_timeline_lite
1.1.1
accesspressthemesfashstore
1.2.1
accesspressthemesform_store_to_db
1.0.9
accesspressthemesfotography
2.4.0
accesspressthemesgaga_corp
1.0.8
accesspressthemesgaga_lite
1.4.2
accesspressthemesinline_call_to_action_builder_lite
1.1.0
accesspressthemesmcontact_button
𝑥
< 2.0.7
accesspressthemesone-paze
2.2.8
accesspressthemesparallax_blog
3.1.1574941215
accesspressthemesparallaxsome
1.3.6
accesspressthemespi_button
3.3.3
accesspressthemesproduct_slider_for_woocommerce_lite
1.1.5
accesspressthemespunte
1.1.2
accesspressthemesrevolve
1.3.1
accesspressthemesripple
1.2.0
accesspressthemesscrollme
2.1.0
accesspressthemessmart_logo_showcase_lite
1.1.7
accesspressthemessmart_scroll_posts
2.0.8
accesspressthemessmart_scroll_to_top_lite
1.0.3
accesspressthemessocial_auto_poster
2.1.3
accesspressthemessocial_review
𝑥
< 1.0.9
accesspressthemessportsmag
1.2.1
accesspressthemesstorevilla
1.4.1
accesspressthemesswing_lite
1.1.9
accesspressthemestauto_poster
1.4.5
accesspressthemesthe_launcher
1.3.2
accesspressthemesthe_monday
1.4.1
accesspressthemestotal_gdpr_compliance_lite
1.0.4
accesspressthemestotal_team_lite
1.1.1
accesspressthemesultimate-form-builder-lite
1.5.0
accesspressthemesultimate_author_box_lite
1.1.2
accesspressthemesuncode_lite
1.3.1
accesspressthemesunicon_lite
1.2.6
accesspressthemesvmag
1.2.7
accesspressthemesvmagazine_lite
1.3.5
accesspressthemesvmagazine_news
1.0.5
accesspressthemeswp_1_slider
1.2.9
accesspressthemeswp_blog_manager_lite
1.1.0
accesspressthemeswp_comment_designer_lite
2.0.3
accesspressthemeswp_cookie_user_info
1.0.7
accesspressthemeswp_floating_menu
1.4.4
accesspressthemeswp_media_manager_lite
1.1.2
accesspressthemeswp_menu_icons_lite
𝑥
< 1.0.9
accesspressthemeswp_popup_banners
1.2.3
accesspressthemeswp_popup_lite
1.0.8
accesspressthemeswp_product_gallery_lite
1.1.1
accesspressthemeswp_tfeed
1.6.7
accesspressthemeszigcy_baby
1.0.6
accesspressthemeszigcy_cosmetics
1.0.5
accesspressthemeszigcy_lite
2.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff