Accesspress Themes Access Demo Importer vulnerabilities
3 known vulnerabilities affecting accesspress_themes/access_demo_importer.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-39317P2HIGHCVSS 8.8Exploited≥ 1.0.6, ≤ 1.0.62021-10-11
CVE-2021-39317 [HIGH] CWE-285 CVE-2021-39317: A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to ma
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list
nvd
CVE-2022-23976P4HIGHCVSS 8.1≤ 1.0.72022-04-18
CVE-2022-23976 [HIGH] CWE-352 CVE-2022-23976: Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker t
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
nvd
CVE-2022-23975P4MEDIUMCVSS 6.5≤ 1.0.72022-04-18
CVE-2022-23975 [MEDIUM] CWE-352 CVE-2022-23975: Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker t
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
nvd