Lucene search
K

104 matches found

Patchstack
Patchstack
added 2021/11/28 12:0 a.m.13 views

WordPress AccessPress Parallax theme <= 4.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress AccessPress Parallax theme versions = 4.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...

8.8CVSS2.7AI score0.01652EPSS
Exploits2References4Affected Software1
0day.today
0day.today
added 2021/11/12 12:0 a.m.404 views

WordPress AccessPress Social Icons 1.8.2 Plugin - (icon title) XSS Vulnerability

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/ Version: 1.8.2 Tested...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/12 12:0 a.m.370 views

WordPress Plugin AccessPress Social Icons 1.8.2 - &#039;icon title&#039; Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.414 views

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/10/13 12:0 a.m.22 views

Backdoored Plugins & Themes from AccessPress Themes

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

3.8AI score0.18878EPSS
Exploits1References1Affected Software93
NVD
NVD
added 2021/10/11 4:15 p.m.17 views

CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS0.01652EPSS
Exploits2References4
OSV
OSV
added 2021/10/11 4:15 p.m.21 views

CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS6.4AI score
Exploits0References4
Prion
Prion
added 2021/10/11 4:15 p.m.15 views

Design/Logic Flaw

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

6.5CVSS8.4AI score0.01652EPSS
Exploits2References4Affected Software43
Vulnrichment
Vulnrichment
added 2021/10/11 3:48 p.m.6 views

CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS8.6AI score0.01652EPSS
Exploits2References4
Cvelist
Cvelist
added 2021/10/11 3:48 p.m.15 views

CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS8.8AI score0.01652EPSS
Exploits2References4
CVE
CVE
added 2021/10/11 3:48 p.m.103 views

CVE-2021-39317

CVE-2021-39317 affects AccessPress products: WordPress Plugin AccessPress Demo Importer (&lt;=1.0.6) and multiple AccessPress themes (e.g., accesspress-basic &lt;=3.2.1, accesspress-lite &lt;=2.92, accesspress-mag

8.8CVSS8.5AI score0.01652EPSS
Exploits2References4Affected Software43
CNVD
CNVD
added 2021/03/22 12:0 a.m.9 views

Wordpress AccessPress Social Icons plugin SQL Injection Vulnerability

Wordpress AccessPress Social Icon is an open source application plugin for Wordpress. The plugin is used to add design media icons to a website. A SQL injection vulnerability exists in versions of the Wordpress AccessPress Social Icons plugin prior to 1.8.1. The vulnerability stems from the progr...

8.8CVSS7.8AI score0.01255EPSS
Exploits1References1
NVD
NVD
added 2021/03/18 3:15 p.m.21 views

CVE-2021-24143

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...

8.8CVSS0.01255EPSS
Exploits1References1
OSV
OSV
added 2021/03/18 3:15 p.m.4 views

CVE-2021-24143

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...

8.8CVSS7.3AI score0.01255EPSS
Exploits1References1
Prion
Prion
added 2021/03/18 3:15 p.m.15 views

Sql injection

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...

6.5CVSS8.8AI score0.01255EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/18 2:57 p.m.52 views

CVE-2021-24143

AccessPress Social Icons for WordPress is vulnerable in all versions before 1.8.1 due to unvalidated, unsanitized widget attribute input, enabling authenticated users with post permissions (e.g., author) to perform SQL injections. Affected component: the plugin’s widget attribute handling. Verifi...

8.8CVSS8.9AI score0.01255EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/18 2:57 p.m.21 views

CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...

9.1AI score0.01255EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.5 views

Wordpress AccessPress Social Icon SQL注入漏洞

Wordpress AccessPress Social Icon is an open source application plugin for Wordpress. The plugin is used to add design media icons to a website. A SQL injection vulnerability exists in versions of the Wordpress AccessPress Social Icons plugin prior to 1.8.1. The vulnerability stems from the progr...

8.8CVSS6AI score0.01255EPSS
Exploits1References2
Patchstack
Patchstack
added 2020/11/28 12:0 a.m.5 views

WordPress Accesspress Social Icons plugin <= 1.8.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by Nguyen Khang in WordPress Accesspress Social Icons plugin version = 1.8.0. Solution Update the WordPress Accesspress Social Icons plugin to the latest available version at least 1.8.1...

4.6AI score
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.872 views

Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)

Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder