CVE-2021-24867

Public Exploit

Backdoored Plugins & Themes from AccessPress Themes

Description

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

References

Link	Tags
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff	third party advisory exploit
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2021-24867?: CVE-2021-24867 has been scored as a critical severity vulnerability.
How to fix CVE-2021-24867?: To fix CVE-2021-24867, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24867 being actively exploited in the wild?: It is possible that CVE-2021-24867 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~6% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24867?: CVE-2021-24867 affects AccessPress Themes Frontend Post WordPress Plugin – AccessPress Anonymous Post, AccessPress Themes AccessPress Custom CSS, AccessPress Themes AccessPress Custom Post Type, AccessPress Themes Social Auto Poster, AccessPress Themes AccessPress iFeeds, AccessPress Themes PI Button, AccessPress Themes AccessPress Social Counter, AccessPress Themes AccessPress Social Icons, AccessPress Themes AccessPress Social Login Lite – Social Login WordPress Plugin, AccessPress Themes AccessPress Social Share, AccessPress Themes TAuto Poster, AccessPress Themes WP TFeed, AccessPress Themes Effectively Add & Customize Free Icons For WordPress Menus – WP Menu Icons Lite, AccessPress Themes AP Companion, AccessPress Themes Easiest Contact Form for WordPress – AP Contact Form, AccessPress Themes Testimonial WordPress Plugin – AP Custom Testimonial, AccessPress Themes Mega Menu Plugin for WordPress – AP Mega Menu, AccessPress Themes Pricing Table Builder – AP Pricing Tables Lite, AccessPress Themes Responsive Notification Bar Plugin for WordPress – Apex Notification Bar Lite, AccessPress Themes Form Store to DB, AccessPress Themes Comments Disable – AccessPress, AccessPress Themes CTA plugin for WordPress – Easy Side Tab, AccessPress Themes WordPress Backend Customizer – Everest Admin Theme Lite, AccessPress Themes Ultimate Coming Soon, Maintenance Mode Plugin for WordPress – Everest Coming Soon Lite, AccessPress Themes Free WordPress Plugin To Display Like/Dislike Comment Rating – Everest Comment Rating Lite, AccessPress Themes Beautiful Stat Counter Plugin for WordPress – Everest Counter Lite, AccessPress Themes Beautiful FAQ Plugin for WordPress – Everest FAQ Manager Lite, AccessPress Themes Responsive Media Gallery Plugin for WordPress – Everest Gallery Lite, AccessPress Themes Everest GPlaces Business Reviews, AccessPress Themes Everest Review Lite – User/Admin review plugin for WordPress, AccessPress Themes Free Responsive Tab Plugin For WordPress – Everest Tab Lite, AccessPress Themes Responsive WordPress Timeline Plugin – Everest Timeline Lite, AccessPress Themes Inline Call To Action Builder Lite – Free Call To Action Layer Plugin for WordPress, AccessPress Themes Product Slider For WooCommerce Lite, AccessPress Themes Responsive Clients Logo Gallery Plugin for WordPress – Smart Logo Showcase Lite, AccessPress Themes Smart Scroll Posts for WordPress, AccessPress Themes Faster and Easier scroll to Top Plugin for WordPress – Smart Scroll to Top Lite, AccessPress Themes Total GDPR Compliance Lite – WordPress Plugin for GDPR Compatibility, AccessPress Themes Total Team Lite – Responsive Team Manager / Showcase Plugin for WordPress, AccessPress Themes Free Responsive Post/Article Author Section Plugin for WordPress – Ultimate Author Box Lite, AccessPress Themes Contact Form for WordPress – Ultimate Form Builder Lite, AccessPress Themes Badge Designer Lite For WooCommerce, AccessPress Themes WordPress Slider Plugin – WP 1 Slider, AccessPress Themes Plugin to Manage / Design WordPress Blog – WP Blog Manager Lite, AccessPress Themes Smartest Way To Design & Customize WordPress Comments & Comment Form – WP Comment Designer Lite, AccessPress Themes Cookie Notification Plugin for WordPress – WP Cookie User Info, AccessPress Themes Social Review, AccessPress Themes MContact Button, AccessPress Themes WP Floating Menu – One page navigator, sticky menu for WordPress, AccessPress Themes The Easiest WordPress Media Manager Plugin – WP Media Manager Lite, AccessPress Themes WP Popup Banners, AccessPress Themes WP Popup Lite – Responsive popup plugin for WordPress, AccessPress Themes Responsive Products Showcase Listing for WordPress – WP Product Gallery Lite, AccessPress Themes accessbuddy, AccessPress Themes Accesspress Basic, AccessPress Themes Accesspress Lite, AccessPress Themes Accesspress Mag, AccessPress Themes AccessPress Parallax, AccessPress Themes accesspress-ray, AccessPress Themes AccessPress Root, AccessPress Themes AccessPress Staple, AccessPress Themes AccessPress Store, AccessPress Themes Agency Lite, AccessPress Themes Aplite, AccessPress Themes Bingle, AccessPress Themes Bloger, AccessPress Themes Construction Lite, AccessPress Themes Doko, AccessPress Themes Enlighten, AccessPress Themes FashStore, AccessPress Themes FotoGraphy, AccessPress Themes Gaga Corp, AccessPress Themes Gaga Lite, AccessPress Themes One Paze, AccessPress Themes parallax-blog, AccessPress Themes ParallaxSome, AccessPress Themes Punte, AccessPress Themes Revolve, AccessPress Themes Ripple, AccessPress Themes ScrollMe, AccessPress Themes SportsMag, AccessPress Themes StoreVilla, AccessPress Themes Swing Lite, AccessPress Themes The Launcher, AccessPress Themes The Monday, AccessPress Themes Uncode Lite, AccessPress Themes Unicon Lite, AccessPress Themes VMag, AccessPress Themes VMagazine Lite, AccessPress Themes Vmagazine News, AccessPress Themes Zigcy Baby, AccessPress Themes Zigcy Cosmetics, AccessPress Themes Zigcy Lite.

Description

Category

CWE-912 – Hidden Functionality

References

Frequently Asked Questions