CVE-2021-24867

CRITICAL

AccessPress Themes - Backdoor

Title source: llm

Description

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff

[Exploit, Third Party Advisory] https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Scores

CVSS v3 9.8

EPSS 0.0476

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-912

Status published

Products (50)

accesspressthemes/accessbuddy 1.0.0

accesspressthemes/accesspress_anonymous_post 2.8.0

accesspressthemes/accesspress_basic 3.2.1

accesspressthemes/accesspress_custom_css 2.0.1

accesspressthemes/accesspress_custom_post_type 1.0.8

accesspressthemes/accesspress_ifeeds 4.0.3

accesspressthemes/accesspress_lite 2.92

accesspressthemes/accesspress_mag 2.6.5

accesspressthemes/accesspress_parallax 4.5

accesspressthemes/accesspress_ray 1.19.5

... and 40 more

Published Feb 21, 2022

Tracked Since Feb 18, 2026