Backdoored Plugins & Themes from AccessPress Themes

Affects Plugins

accesspress-anonymous-post

Fixed in 2.8.1

accesspress-custom-css

Fixed in 2.0.2

accesspress-custom-post-type

Fixed in 1.0.9

accesspress-facebook-auto-post

Fixed in 2.1.4

accesspress-instagram-feed

Fixed in 4.0.4

accesspress-pinterest

Fixed in 3.3.4

accesspress-social-counter

Fixed in 1.9.2

accesspress-social-icons

Fixed in 1.8.3

accesspress-social-login-lite

Fixed in 3.4.8

accesspress-social-share

Fixed in 4.5.6

accesspress-twitter-auto-post

Fixed in 1.4.6

accesspress-twitter-feed

Fixed in 1.6.8

ak-menu-icons-lite

Fixed in 1.0.9

ap-companion

Fixed in 1.0.7

ap-contact-form

Fixed in 1.0.7

ap-custom-testimonial

Fixed in 1.4.7

ap-mega-menu

Fixed in 3.0.6

ap-pricing-tables-lite

Fixed in 1.1.3

apex-notification-bar-lite

Fixed in 2.0.5

cf7-store-to-db-lite

Fixed in 1.1.0

comments-disable-accesspress

Fixed in 1.0.8

easy-side-tab-cta

Fixed in 1.0.8

everest-admin-theme-lite

Fixed in 1.0.8

everest-coming-soon-lite

Fixed in 1.1.1

everest-comment-rating-lite

Fixed in 2.0.5

everest-counter-lite

Fixed in 2.0.8

everest-faq-manager-lite

Fixed in 1.0.9

everest-gallery-lite

Fixed in 1.0.9

everest-google-places-reviews-lite

Fixed in 2.0.0

everest-review-lite

No known fix

everest-tab-lite

Fixed in 2.0.4

everest-timeline-lite

Fixed in 1.1.2

inline-call-to-action-builder-lite

Fixed in 1.1.1

product-slider-for-woocommerce-lite

Fixed in 1.1.6

smart-logo-showcase-lite

Fixed in 1.1.8

smart-scroll-posts

Fixed in 2.0.9

smart-scroll-to-top-lite

Fixed in 1.0.4

total-gdpr-compliance-lite

Fixed in 1.0.5

total-team-lite

Fixed in 1.1.2

ultimate-author-box-lite

Fixed in 1.1.3

ultimate-form-builder-lite

Fixed in 1.5.1

woo-badge-designer-lite

Fixed in 1.1.1

wp-1-slider

Fixed in 1.3.0

wp-blog-manager-lite

Fixed in 1.1.2

wp-comment-designer-lite

Fixed in 2.0.4

wp-cookie-user-info

Fixed in 1.0.8

wp-facebook-review-showcase-lite

Fixed in 1.0.9

wp-fb-messenger-button-lite

Fixed in 2.0.7

wp-floating-menu

Fixed in 1.4.5

wp-media-manager-lite

Fixed in 1.1.3

wp-popup-banners

Fixed in 1.2.4

wp-popup-lite

No known fix

wp-product-gallery-lite

Fixed in 1.1.3

Affects Themes

No known fix

Fixed in 3.2.2

Fixed in 2.93

Fixed in 2.6.6

Fixed in 4.6

No known fix

Fixed in 2.6.0

No known fix

Fixed in 2.5.0

Fixed in 1.1.7

aplite

No known fix

bingle

Fixed in 1.0.5

bloger

Fixed in 1.2.7

construction-lite

Fixed in 1.2.6

doko

Fixed in 1.1.0

Fixed in 1.3.6

No known fix

Fixed in 2.4.1

No known fix

No known fix

No known fix

No known fix

Fixed in 1.3.7

punte

Fixed in 1.1.3

revolve

No known fix

ripple

Fixed in 1.2.1

No known fix

No known fix

Fixed in 1.4.2

Fixed in 1.2.0

Fixed in 1.3.3

No known fix

No known fix

Fixed in 1.2.7

vmag

Fixed in 1.2.8

Fixed in 1.3.7

Fixed in 1.0.6

Fixed in 1.0.7

Fixed in 1.0.6

Fixed in 2.1.0

References

CVE

CVE-2021-24867

URL

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Miscellaneous

Original Researcher

Harald Eilertsen (Jetpack Scan)

Verified

Yes

WPVDB ID

9c76bada-fa32-4c2f-9855-d0efd1e63eff

Timeline

Publicly Published

2021-10-13 (about 2 years ago)

Added

2022-01-18 (about 2 years ago)

Last Updated

2022-06-11 (about 1 years ago)

Other

Published

Title

Published

2020-02-27

Title

wpdefault - Backdoor Plugin

Published

2020-01-27

Title

blnmrpb - Webshell in Fake Plugin

Published

2017-12-28

Title

Duplicate Page and Post 2.1.0-2.1.1 (current) - Backdoored

Published

2017-12-19

Title

Captcha 4.3.6–4.4.4 - Backdoored

Published

2020-04-22

Title

M-Shield & kingof - Fake Malware Backdoor Plugins