cbcvebase.
CVE-2021-24867
published 2022-02-21

CVE-2021-24867: Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes…

PriorityP359critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
18.88%
96.9th percentile
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

Affected

226 ranges· showing 25
VendorProductVersion rangeFixed in
accesspress_themesaccessbuddy
accesspress_themesaccesspress-ray
accesspress_themesaccesspress_basic
accesspress_themesaccesspress_custom_css>= 2.0.1 < 2.0.1*2.0.1*
accesspress_themesaccesspress_custom_css>= 2.0.2 < 2.0.22.0.2
accesspress_themesaccesspress_custom_post_type>= 1.0.8 < 1.0.8*1.0.8*
accesspress_themesaccesspress_custom_post_type>= 1.0.9 < 1.0.91.0.9
accesspress_themesaccesspress_ifeeds>= 4.0.3 < 4.0.3*4.0.3*
accesspress_themesaccesspress_ifeeds>= 4.0.4 < 4.0.44.0.4
accesspress_themesaccesspress_lite
accesspress_themesaccesspress_mag
accesspress_themesaccesspress_parallax
accesspress_themesaccesspress_root
accesspress_themesaccesspress_social_counter>= 1.9.1 < 1.9.1*1.9.1*
accesspress_themesaccesspress_social_counter>= 1.9.2 < 1.9.21.9.2
accesspress_themesaccesspress_social_icons>= 1.8.2 < 1.8.2*1.8.2*
accesspress_themesaccesspress_social_icons>= 1.8.3 < 1.8.31.8.3
accesspress_themesaccesspress_social_login_lite_social_login_wordpress_plugin>= 3.4.7 < 3.4.7*3.4.7*
accesspress_themesaccesspress_social_login_lite_social_login_wordpress_plugin>= 3.4.8 < 3.4.83.4.8
accesspress_themesaccesspress_social_share>= 4.5.5 < 4.5.5*4.5.5*
accesspress_themesaccesspress_social_share>= 4.5.6 < 4.5.64.5.6
accesspress_themesaccesspress_staple
accesspress_themesaccesspress_store
accesspress_themesagency_lite
accesspress_themesap_companion>= 1.0.7 < 1.0.71.0.7

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.