CVE-2021-24867 — CRITICAL (9.8)

Q: How severe is CVE-2021-24867?

CVE-2021-24867 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-24867?

Check the references section above for vendor advisories and patch information. Affected products include: Accesspressthemes Accessbuddy, Accesspressthemes Accesspress Anonymous Post, Accesspressthemes Accesspress Basic, Accesspressthemes Accesspress Custom Css, Accesspressthemes Accesspress Custom Post Type.

Vulnerability Description

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Accesspressthemes	Accessbuddy	1.0.0
Accesspressthemes	Accesspress Anonymous Post	2.8.0
Accesspressthemes	Accesspress Basic	3.2.1
Accesspressthemes	Accesspress Custom Css	2.0.1
Accesspressthemes	Accesspress Custom Post Type	1.0.8
Accesspressthemes	Accesspress Ifeeds	4.0.3
Accesspressthemes	Accesspress Lite	2.92
Accesspressthemes	Accesspress Mag	2.6.5
Accesspressthemes	Accesspress Parallax	4.5
Accesspressthemes	Accesspress Ray	1.19.5
Accesspressthemes	Accesspress Root	2.5
Accesspressthemes	Accesspress Social Counter	1.9.1
Accesspressthemes	Accesspress Social Icons	1.8.2
Accesspressthemes	Accesspress Social Login Lite	3.4.7
Accesspressthemes	Accesspress Social Share	4.5.5
Accesspressthemes	Accesspress Staple	1.9.1
Accesspressthemes	Accesspress Store	2.4.9
Accesspressthemes	Agency Lite	1.1.6
Accesspressthemes	Ap Companion	< 1.0.7
Accesspressthemes	Ap Contact Form	1.0.6

Related Weaknesses (CWE)

CWE-912

References

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspExploitThird Party Advisory
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63effExploitThird Party Advisory
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspExploitThird Party Advisory
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63effExploitThird Party Advisory

FAQ

What is CVE-2021-24867?

CVE-2021-24867 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are af...

How severe is CVE-2021-24867?

CVE-2021-24867 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-24867?

Check the references section above for vendor advisories and patch information. Affected products include: Accesspressthemes Accessbuddy, Accesspressthemes Accesspress Anonymous Post, Accesspressthemes Accesspress Basic, Accesspressthemes Accesspress Custom Css, Accesspressthemes Accesspress Custom Post Type.