CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26518 – WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-26518
28 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP TFeed de AccessPress Themes en versiones <= 1.6.9. The WP TFeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.9. This is due to missing or incorrect nonce validation on the aptf_delete_cache function. This makes it possible for unauthenticated attackers to delete the plugin... • https://patchstack.com/database/vulnerability/accesspress-twitter-feed/wordpress-wp-tfeed-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 2CVE-2021-24867 – Backdoored Plugins & Themes from AccessPress Themes
https://notcve.org/view.php?id=CVE-2021-24867
13 Oct 2021 — Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los... • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes • CWE-912: Hidden Functionality •