CVSS: 9.8EPSS: 6%CPEs: 93EXPL: 2CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
13 Oct 2021 — Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los... • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-15919 – Ultimate Form Builder Lite <= 1.3.6 - SQL Injection to PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-15919
23 Oct 2017 — The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. El plugin ultimate-form-builder-lite en versiones anteriores a la 1.3.7 para WordPress tiene Inyección SQL, con inyección de objetos PHP como resultado, mediante wp-admin/admin-ajax.php. • http://www.securityfocus.com/bid/101604 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •