Lucene search
+L

5 matches found

NVD
NVD
added 2022/02/21 11:15 a.m.49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/02/21 10:45 a.m.44 views

CVE-2021-24867 Backdoored Plugins & Themes from AccessPress Themes

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.7AI score0.18878EPSS
Exploits1References2
CVE
CVE
added 2022/02/21 10:45 a.m.187 views

CVE-2021-24867

CVE-2021-24867 relates to backdoored AccessPress Themes plugins/themes distributed via the vendor site (not from wordpress.org). The vulnerability was exploited in the wild to deploy web shells and site defacements, observed by Talos IR as part of initial access through exploitation of a WordPres...

9.8CVSS9.6AI score0.18878EPSS
Exploits1References2Affected Software93
Check Point Advisories
Check Point Advisories
added 2022/01/25 12:0 a.m.25 views

WordPress AccessPress Themes Webshell Upload (CVE-2021-24867)

An attacker might upload a webshell backdoor to WordPress AccessPress Themes. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

7.5CVSS3.1AI score0.18878EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/01/22 7:13 a.m.58 views

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative...

9.8CVSS7.9AI score0.70511EPSS
Exploits4
Rows per page
Query Builder