Description
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff
Exploit, Third Party Advisory x_refsource_misc
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
Scores
CVSS v3
9.8
EPSS
0.1888
EPSS Percentile
96.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-912
Status
published
Products (50)
accesspressthemes/accessbuddy
1.0.0
accesspressthemes/accesspress_anonymous_post
2.8.0
accesspressthemes/accesspress_basic
3.2.1
accesspressthemes/accesspress_custom_css
2.0.1
accesspressthemes/accesspress_custom_post_type
1.0.8
accesspressthemes/accesspress_ifeeds
4.0.3
accesspressthemes/accesspress_lite
2.92
accesspressthemes/accesspress_mag
2.6.5
accesspressthemes/accesspress_parallax
4.5
accesspressthemes/accesspress_ray
1.19.5
... and 40 more
Published
Feb 21, 2022
Tracked Since
Feb 18, 2026