CVE-2023-26518 – WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-26518
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP TFeed de AccessPress Themes en versiones <= 1.6.9. The WP TFeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.9. This is due to missing or incorrect nonce validation on the aptf_delete_cache function. This makes it possible for unauthenticated attackers to delete the plugin's tweet cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/accesspress-twitter-feed/wordpress-wp-tfeed-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los plugins y temas descargados por medio del sitio web del proveedor, no así los alojados en wordpress.org. Sin embargo, todos ellos fueron actualizados o eliminados para evitar cualquier confusión • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff • CWE-912: Hidden Functionality •