CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26532 – WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-26532
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AccessPress Themes Social Auto Poster en versiones <=2.1.4. The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the 'restore_settings' function. This makes it possible for unauthenticated attackers to reset (and thus destroy) the current plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 2CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los plugins y temas descargados por medio del sitio web del proveedor, no así los alojados en wordpress.org. Sin embargo, todos ellos fueron actualizados o eliminados para evitar cualquier confusión • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff • CWE-912: Hidden Functionality •