CVSS: 9.8EPSS: 6%CPEs: 93EXPL: 2CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
13 Oct 2021 — Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los... • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes • CWE-912: Hidden Functionality •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25378 – WP Floating Menu <= 1.4.0 - Cross-Site Scripting via id Parameter
https://notcve.org/view.php?id=CVE-2020-25378
24 Aug 2020 — Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. Wordpress Plugin Store / AccessPress Themes WP Floating Menu versión V1.3.0, está afectada por: una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del parámetro GET id • https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •