CVE-2021-39317

🗓️ 11 Oct 2021 16:15:07Reported by [email protected]Type

A WordPress plugin and several themes by AccessPress Themes are vulnerable to malicious file uploads due to missing capability check

Reporter	Title	Published	Views	Family All 55
Circl	CVE-2021-39317	11 Oct 202120:24	–	circl
CNNVD	WordPress 代码问题漏洞	11 Oct 202100:00	–	cnnvd
CVE	CVE-2021-39317	11 Oct 202115:48	–	cve
Cvelist	CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload	11 Oct 202115:48	–	cvelist
EUVD	EUVD-2021-25678	7 Oct 202500:30	–	euvd
Patchstack	WordPress ScrollMe theme <= 2.1.0 - Arbitrary File Upload vulnerability	28 Nov 202100:00	–	patchstack
Patchstack	WordPress AccessPress Root theme <= 2.5 - Arbitrary File Upload vulnerability	28 Nov 202100:00	–	patchstack
Patchstack	WordPress Edict Lite theme <= 1.1.4 - Arbitrary File Upload vulnerability	24 Dec 202100:00	–	patchstack
Patchstack	WordPress Opstore theme <= 1.4.3 - Arbitrary File Upload vulnerability	24 Dec 202100:00	–	patchstack
Patchstack	WordPress Eight Sec theme <= 1.1.4 - Arbitrary File Upload vulnerability	24 Dec 202100:00	–	patchstack

NVD

Node

accesspressthemes access_demo_importerRange<1.0.7wordpress

accesspressthemes accesspress-liteRange≤2.92wordpress

accesspressthemes accesspress-magRange≤2.6.5wordpress

accesspressthemes accesspress-parallaxRange≤4.5wordpress

accesspressthemes accesspress-rootRange≤2.5wordpress

accesspressthemes accesspress-storeRange≤2.4.9wordpress

accesspressthemes accesspress_basicRange≤3.2.1wordpress

accesspressthemes agency-liteRange≤1.1.6wordpress

accesspressthemes arrivalRange≤1.4.2wordpress

accesspressthemes bingleRange≤1.0.4wordpress

accesspressthemes blogerRange≤1.2.6wordpress

accesspressthemes brovyRange≤1.3wordpress

accesspressthemes construction-liteRange≤1.2.5wordpress

accesspressthemes dokoRange≤1.0.27wordpress

accesspressthemes edict-liteRange≤1.1.4wordpress

accesspressthemes eight-secRange≤1.1.4wordpress

accesspressthemes eightlaw-liteRange≤2.1.5wordpress

accesspressthemes eightmedi-liteRange≤2.1.8wordpress

accesspressthemes eightstore-liteRange≤1.2.5wordpress

accesspressthemes enlightenRange≤1.3.5wordpress

accesspressthemes fotographyRange≤2.4.0wordpress

accesspressthemes opstoreRange≤1.4.3wordpress

accesspressthemes parallaxsomeRange≤1.3.6wordpress

accesspressthemes punteRange≤1.1.2wordpress

accesspressthemes revolveRange≤1.3.1wordpress

accesspressthemes rippleRange≤1.2.0wordpress

accesspressthemes sakalaRange≤1.0.4wordpress

accesspressthemes scrollmeRange≤2.1.0wordpress

accesspressthemes storevillaRange≤1.4.1wordpress

accesspressthemes swing-liteRange≤1.1.9wordpress

accesspressthemes the-launcherRange≤1.3.2wordpress

accesspressthemes the-mondayRange≤1.4.1wordpress

accesspressthemes the100Range≤1.1.2wordpress

accesspressthemes ultra-sevenRange≤1.2.8wordpress

accesspressthemes uncode-liteRange≤1.3.3wordpress

accesspressthemes vmagRange≤1.2.7wordpress

accesspressthemes vmagazine-liteRange≤1.3.5wordpress

accesspressthemes vmagazine-newsRange≤1.0.5wordpress

accesspressthemes wp-storeRange≤1.1.9wordpress

accesspressthemes wpparallaxRange≤2.0.6wordpress

accesspressthemes zigcy-babyRange≤1.0.6wordpress

accesspressthemes zigcy-cosmeticsRange≤1.0.5wordpress

accesspressthemes zigcy-liteRange≤2.0.9wordpress

Source	Link
wordfence	www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/
plugins	www.plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php
patchstack	www.patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/
plugins	www.plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php

17 Jun 2026 04:03Current

CVSS 26.5

CVSS 3.18.8

EPSS0.01652