CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26532 – WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-26532
28 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AccessPress Themes Social Auto Poster en versiones <=2.1.4. The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the 'restore_settings' function. This makes it possible for unauthenticated att... • https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 2CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
13 Oct 2021 — Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los... • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes • CWE-912: Hidden Functionality •