Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Accesspressthemes
  • Wp Blog Manager Lite
  • Wp Tfeed
  • Everest Gplaces Business Reviews
  • Accesspress Ifeeds
  • Gaga Corp
  • Accesspress Social Icons
  • Everest Comment Rating Lite
  • Zigcy Baby
  • Everest Admin Theme Lite
  • Accesspress Social Counter
  • Smart Logo Showcase Lite
  • Ap Contact Form
  • Ap Custom Testimonial
  • Unicon Lite
  • Parallax Blog
  • Social Auto Poster
  • Uncode Lite
  • Fashstore
  • Revolve
  • Ap Companion
  • The Monday
  • Pi Button
  • Ultimate Author Box Lite
  • Total Gdpr Compliance Lite
  • Ripple
  • Everest Review Lite
  • Ap Mega Menu
  • Bingle
  • Wp Media Manager Lite
  • Swing Lite
  • Storevilla
  • Vmagazine News
  • Accesspress Staple
  • Badge Designer Lite For Woocommerce
  • Enlighten
  • Accesspress Ray
  • Accesspress Custom Css
  • Smart Scroll Posts
  • Inline Call To Action Builder Lite
  • Construction Lite
  • Accessbuddy
  • Apex Notification Bar Lite
  • Wp Floating Menu
  • Zigcy Cosmetics
  • Form Store To Db
  • Everest Gallery Lite
  • Accesspress Custom Post Type
  • Total Team Lite
  • Everest Coming Soon Lite
  • Wp 1 Slider
  • Vmag
  • Accesspress Store
  • Accesspress Basic
  • Accesspress Lite
  • Comments Disable - Accesspress
  • Product Slider For Woocommerce Lite
  • Scrollme
  • Everest Tab Lite
  • Wp Menu Icons Lite
  • Tauto Poster
  • Accesspress Social Share
  • Aplite
  • Smart Scroll To Top Lite
  • Ultimate-form-builder-lite
  • Bloger
  • One-paze
  • Accesspress Mag
  • Social Review
  • Accesspress Anonymous Post
  • Gaga Lite
  • Wp Cookie User Info
  • Wp Popup Banners
  • Ap Pricing Tables Lite
  • Wp Comment Designer Lite
  • Accesspress Social Login Lite
  • Punte
  • Zigcy Lite
  • Wp Popup Lite
  • Parallaxsome
  • Easy Side Tab
  • Doko
  • Everest Counter Lite
  • Vmagazine Lite
  • Fotography
  • Agency Lite
  • The Launcher
  • Wp Product Gallery Lite
  • Accesspress Root
  • Everest Faq Manager Lite
  • Everest Timeline Lite
  • Sportsmag
  • Mcontact Button
  • Accesspress Parallax

Configuration 1 [-]

OR cpe:2.3:a:accesspressthemes:accessbuddy:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_anonymous_post:2.8.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_basic:3.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_custom_css:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_custom_post_type:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_ifeeds:4.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_lite:2.92:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_mag:2.6.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_parallax:4.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_ray:1.19.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_root:2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_social_counter:1.9.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_social_icons:1.8.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_social_login_lite:3.4.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_social_share:4.5.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_staple:1.9.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:accesspress_store:2.4.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:agency_lite:1.1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ap_companion:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ap_contact_form:1.0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ap_custom_testimonial:1.4.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ap_mega_menu:3.0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ap_pricing_tables_lite:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:apex_notification_bar_lite:2.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:aplite:1.0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:badge_designer_lite_for_woocommerce:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:bingle:1.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:bloger:1.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:comments_disable_-_accesspress:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:construction_lite:1.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:doko:1.0.27:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:easy_side_tab:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:enlighten:1.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_admin_theme_lite:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_coming_soon_lite:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_comment_rating_lite:2.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_counter_lite:2.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_faq_manager_lite:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_gallery_lite:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_gplaces_business_reviews:1.0.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_review_lite:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_tab_lite:2.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:everest_timeline_lite:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:fashstore:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:form_store_to_db:1.0.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:fotography:2.4.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:gaga_corp:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:gaga_lite:1.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:inline_call_to_action_builder_lite:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:mcontact_button:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:one-paze:2.2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:parallax_blog:3.1.1574941215:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:parallaxsome:1.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:pi_button:3.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:product_slider_for_woocommerce_lite:1.1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:punte:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:revolve:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ripple:1.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:scrollme:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:smart_logo_showcase_lite:1.1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:smart_scroll_posts:2.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:smart_scroll_to_top_lite:1.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:social_auto_poster:2.1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:social_review:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:sportsmag:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:storevilla:1.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:swing_lite:1.1.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:tauto_poster:1.4.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:the_launcher:1.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:the_monday:1.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:total_gdpr_compliance_lite:1.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:total_team_lite:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ultimate-form-builder-lite:1.5.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:ultimate_author_box_lite:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:uncode_lite:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:unicon_lite:1.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:vmag:1.2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:vmagazine_lite:1.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:vmagazine_news:1.0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_1_slider:1.2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_blog_manager_lite:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_comment_designer_lite:2.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_cookie_user_info:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_floating_menu:1.4.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_media_manager_lite:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_menu_icons_lite:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_popup_lite:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_product_gallery_lite:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:wp_tfeed:1.6.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:zigcy_baby:1.0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:zigcy_cosmetics:1.0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:accesspressthemes:zigcy_lite:2.0.9:*:*:*:*:wordpress:*:*
References
Link Resource
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-21T10:45:39

Updated: 2022-02-21T10:45:39

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24867

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-02-21T11:15:08.320

Modified: 2022-03-02T18:03:41.330

Link: CVE-2021-24867

JSON object: View

cve-icon Redhat Information

No data.

CWE