104 matches found
WordPress AccessPress Parallax theme <= 4.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress AccessPress Parallax theme versions = 4.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...
WordPress AccessPress Social Icons 1.8.2 Plugin - (icon title) XSS Vulnerability
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/ Version: 1.8.2 Tested...
WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...
WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...
Backdoored Plugins & Themes from AccessPress Themes
Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
Design/Logic Flaw
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
CVE-2021-39317
CVE-2021-39317 affects AccessPress products: WordPress Plugin AccessPress Demo Importer (<=1.0.6) and multiple AccessPress themes (e.g., accesspress-basic <=3.2.1, accesspress-lite <=2.92, accesspress-mag
Wordpress AccessPress Social Icons plugin SQL Injection Vulnerability
Wordpress AccessPress Social Icon is an open source application plugin for Wordpress. The plugin is used to add design media icons to a website. A SQL injection vulnerability exists in versions of the Wordpress AccessPress Social Icons plugin prior to 1.8.1. The vulnerability stems from the progr...
CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
Sql injection
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
CVE-2021-24143
AccessPress Social Icons for WordPress is vulnerable in all versions before 1.8.1 due to unvalidated, unsanitized widget attribute input, enabling authenticated users with post permissions (e.g., author) to perform SQL injections. Affected component: the plugin’s widget attribute handling. Verifi...
CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
Wordpress AccessPress Social Icon SQL注入漏洞
Wordpress AccessPress Social Icon is an open source application plugin for Wordpress. The plugin is used to add design media icons to a website. A SQL injection vulnerability exists in versions of the Wordpress AccessPress Social Icons plugin prior to 1.8.1. The vulnerability stems from the progr...
WordPress Accesspress Social Icons plugin <= 1.8.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability found by Nguyen Khang in WordPress Accesspress Social Icons plugin version = 1.8.0. Solution Update the WordPress Accesspress Social Icons plugin to the latest available version at least 1.8.1...
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...