CVE-2021-24867
Published 2022-02-21
Priority: P359 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 18.88% (96.9th percentile)
Numerous plugins and themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion.
Affected
226 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accesspress_themes | accessbuddy | — | — |
| accesspress_themes | accesspress-ray | — | — |
| accesspress_themes | accesspress_basic | — | — |
| accesspress_themes | accesspress_custom_css | >= 2.0.1 < 2.0.1* | 2.0.1* |
| accesspress_themes | accesspress_custom_css | >= 2.0.2 < 2.0.2 | 2.0.2 |
| accesspress_themes | accesspress_custom_post_type | >= 1.0.8 < 1.0.8* | 1.0.8* |
| accesspress_themes | accesspress_custom_post_type | >= 1.0.9 < 1.0.9 | 1.0.9 |
| accesspress_themes | accesspress_ifeeds | >= 4.0.3 < 4.0.3* | 4.0.3* |
| accesspress_themes | accesspress_ifeeds | >= 4.0.4 < 4.0.4 | 4.0.4 |
| accesspress_themes | accesspress_lite | — | — |
| accesspress_themes | accesspress_mag | — | — |
| accesspress_themes | accesspress_parallax | — | — |
| accesspress_themes | accesspress_root | — | — |
| accesspress_themes | accesspress_social_counter | >= 1.9.1 < 1.9.1* | 1.9.1* |
| accesspress_themes | accesspress_social_counter | >= 1.9.2 < 1.9.2 | 1.9.2 |
| accesspress_themes | accesspress_social_icons | >= 1.8.2 < 1.8.2* | 1.8.2* |
| accesspress_themes | accesspress_social_icons | >= 1.8.3 < 1.8.3 | 1.8.3 |
| accesspress_themes | accesspress_social_login_lite_social_login_wordpress_plugin | >= 3.4.7 < 3.4.7* | 3.4.7* |
| accesspress_themes | accesspress_social_login_lite_social_login_wordpress_plugin | >= 3.4.8 < 3.4.8 | 3.4.8 |
| accesspress_themes | accesspress_social_share | >= 4.5.5 < 4.5.5* | 4.5.5* |
| accesspress_themes | accesspress_social_share | >= 4.5.6 < 4.5.6 | 4.5.6 |
| accesspress_themes | accesspress_staple | — | — |
| accesspress_themes | accesspress_store | — | — |
| accesspress_themes | agency_lite | — | — |
| accesspress_themes | ap_companion | >= 1.0.7 < 1.0.7 | 1.0.7 |
CVSS provenance
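| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |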
No detection rules found.
No public exploits indexed.
Talos
Quarterly Report: Incident Response Trends in Q1 2023
blogs_talos·2023-04-26
### Web shell usage spikes in Q1 compared to previous quarters, correlating with higher instances of exploitation of public-facing applications.
In a novel increase compared to previous quarters, Cisco Talos Incident Response (Talos IR) reports that web shells were the most-observed threat in the first quarter of 2023, comprising nearly a fourth of the incidents Talos IR engaged in. The functionality of these web shells and the specific vulnerabilities and weaknesses in the platforms they targeted varied. Although each web shell had its own sets of basic functions, when there were multiple web shells present in a single engagement, threat actors chained them together to provide a more flexible toolkit for spreading access across the network. This demonstrates the skills actors have in com
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff