CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
Numerous plugins and themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected; those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion.
• https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes
• https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff
• CWE-912: Hidden Functionality
CVE-2020-25378 – WP Floating Menu <= 1.4.0 - Cross-Site Scripting via id Parameter
https://notcve.org/view.php?id=CVE-2020-25378
WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
• https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')