Latest Accesspressthemes Vulnerabilities

CVE-2023-26532
WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Accesspressthemes Social Auto Poster<=2.1.4
CVE-2023-26518
WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
Accesspressthemes Wp Tfeed<=1.6.9
CVE-2022-4946
Accesspressthemes Frontend Post Wordpress Plugin<=2.8.4
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
Accesspressthemes Wp Popup Banners=1.0.1
Accesspressthemes Wp Popup Banners=1.0.2
Accesspressthemes Wp Popup Banners=1.0.3
Accesspressthemes Wp Popup Banners=1.0.4
Accesspressthemes Wp Popup Banners=1.0.5
Accesspressthemes Wp Popup Banners=1.0.6
and 19 more
CVE-2022-23976
Accesspressthemes Access Demo Importer<=1.0.7
CVE-2022-23975
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
Accesspressthemes Access Demo Importer<=1.0.7
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Accesspressthemes Ap Mega Menu<3.0.8
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL ...
Accesspressthemes Ap Custom Testimonial<1.4.7
CVE-2022-23912
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
Accesspressthemes Ap Custom Testimonial<1.4.7
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are af...
Accesspressthemes Accessbuddy=1.0.0
Accesspressthemes Accesspress Anonymous Post=2.8.0
Accesspressthemes Accesspress Basic=3.2.1
Accesspressthemes Accesspress Custom Css=2.0.1
Accesspressthemes Accesspress Custom Post Type=1.0.8
Accesspressthemes Accesspress Ifeeds=4.0.3
and 87 more
CVE-2021-25107
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site S...
Accesspressthemes Form Store To Db<1.1.1
CVE-2021-24858
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin d...
Accesspressthemes Wp Cookie User Info<1.0.9
CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injection...
Accesspressthemes Accesspress Social Icons<1.8.1
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
Accesspressthemes Wp Floating Menu=1.3.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203