WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Backdoored Plugins & Themes from AccessPress Themes

Description

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

Affects Plugins

accesspress-anonymous-post
Fixed in version 2.8.1
accesspress-custom-css
Fixed in version 2.0.2
accesspress-custom-post-type
Fixed in version 1.0.9
accesspress-facebook-auto-post
Fixed in version 2.1.4
accesspress-instagram-feed
Fixed in version 4.0.4
accesspress-pinterest
Fixed in version 3.3.4
accesspress-social-counter
Fixed in version 1.9.2
accesspress-social-icons
Fixed in version 1.8.3
accesspress-social-login-lite
Fixed in version 3.4.8
accesspress-social-share
Fixed in version 4.5.6

Affects Themes

accessbuddy
No known fix
accesspress-basic
Fixed in version 3.2.2
accesspress-lite
Fixed in version 2.93
accesspress-mag
Fixed in version 2.6.6
accesspress-parallax
Fixed in version 4.6
accesspress-ray
No known fix
accesspress-root
Fixed in version 2.6.0
accesspress-staple
No known fix
accesspress-store
Fixed in version 2.5.0
agency-lite
Fixed in version 1.1.7

References

CVE
CVE-2021-24867
URL
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Classification

Type

BACKDOOR

CWE
CWE-912

Miscellaneous

Original Researcher

Harald Eilertsen (Jetpack Scan)

Verified

Yes

WPVDB ID
9c76bada-fa32-4c2f-9855-d0efd1e63eff

Timeline

Publicly Published

2021-10-13 (about 7 months ago)

Added

2022-01-18 (about 3 months ago)

Last Updated

2022-04-08 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin