CVE-2021-39317

AccessPress Themes - Authenticated Malicious File Upload

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions is below:

WordPress Plugin:
  • AccessPress Demo Importer <= 1.0.6

WordPress Themes:
  • accesspress-basic <= 3.2.1
  • accesspress-lite <= 2.92
  • accesspress-mag <= 2.6.5
  • accesspress-parallax <= 4.5
  • accesspress-root <= 2.5
  • accesspress-store <= 2.4.9
  • agency-lite <= 1.1.6
  • arrival <= 1.4.2
  • bingle <= 1.0.4
  • bloger <= 1.2.6
  • brovy <= 1.3
  • construction-lite <= 1.2.5
  • doko <= 1.0.27
  • edict-lite <= 1.1.4
  • eightlaw-lite <= 2.1.5
  • eightmedi-lite <= 2.1.8
  • eight-sec <= 1.1.4
  • eightstore-lite <= 1.2.5
  • enlighten <= 1.3.5
  • fotography <= 2.4.0
  • opstore <= 1.4.3
  • parallaxsome <= 1.3.6
  • punte <= 1.1.2
  • revolve <= 1.3.1
  • ripple <= 1.2.0
  • sakala <= 1.0.4
  • scrollme <= 2.1.0
  • storevilla <= 1.4.1
  • swing-lite <= 1.1.9
  • the100 <= 1.1.2
  • the-launcher <= 1.3.2
  • the-monday <= 1.4.1
  • ultra-seven <= 1.2.8
  • uncode-lite <= 1.3.3
  • vmag <= 1.2.7
  • vmagazine-lite <= 1.3.5
  • vmagazine-news <= 1.0.5
  • wpparallax <= 2.0.6
  • wp-store <= 1.1.9
  • zigcy-baby <= 1.0.6
  • zigcy-cosmetics <= 1.0.5
  • zigcy-lite <= 2.0.9


*Credits: Chloe Chamberland, Wordfence, Lenon Leite
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-08-20 CVE Reserved
  • 2021-10-06 CVE Published
  • 2024-06-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-285: Improper Authorization
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
Affected Vendors, Products, and Versions
Vendor             Product               Version    Other      Status
Accesspressthemes  Access Demo Importer  < 1.0.7    wordpress  Affected
Accesspressthemes  Accesspress-lite      <= 2.92    wordpress  Affected
Accesspressthemes  Accesspress-mag       <= 2.6.5   wordpress  Affected
Accesspressthemes  Accesspress-parallax  <= 4.5     wordpress  Affected
Accesspressthemes  Accesspress-root      <= 2.5     wordpress  Affected
Accesspressthemes  Accesspress-store     <= 2.4.9   wordpress  Affected
Accesspressthemes  Accesspress Basic     <= 3.2.1   wordpress  Affected
Accesspressthemes  Agency-lite           <= 1.1.6   wordpress  Affected
Accesspressthemes  Arrival               <= 1.4.2   wordpress  Affected
Accesspressthemes  Bingle                <= 1.0.4   wordpress  Affected
Accesspressthemes  Bloger                <= 1.2.6   wordpress  Affected
Accesspressthemes  Brovy                 <= 1.3     wordpress  Affected
Accesspressthemes  Construction-lite     <= 1.2.5   wordpress  Affected
Accesspressthemes  Doko                  <= 1.0.27  wordpress  Affected
Accesspressthemes  Edict-lite            <= 1.1.4   wordpress  Affected
Accesspressthemes  Eight-sec             <= 1.1.4   wordpress  Affected
Accesspressthemes  Eightlaw-lite         <= 2.1.5   wordpress  Affected
Accesspressthemes  Eightmedi-lite        <= 2.1.8   wordpress  Affected
Accesspressthemes  Eightstore-lite       <= 1.2.5   wordpress  Affected
Accesspressthemes  Enlighten             <= 1.3.5   wordpress  Affected
Accesspressthemes  Fotography            <= 2.4.0   wordpress  Affected
Accesspressthemes  Opstore               <= 1.4.3   wordpress  Affected
Accesspressthemes  Parallaxsome          <= 1.3.6   wordpress  Affected
Accesspressthemes  Punte                 <= 1.1.2   wordpress  Affected
Accesspressthemes  Revolve               <= 1.3.1   wordpress  Affected
Accesspressthemes  Ripple                <= 1.2.0   wordpress  Affected
Accesspressthemes  Sakala                <= 1.0.4   wordpress  Affected
Accesspressthemes  Scrollme              <= 2.1.0   wordpress  Affected
Accesspressthemes  Storevilla            <= 1.4.1   wordpress  Affected
Accesspressthemes  Swing-lite            <= 1.1.9   wordpress  Affected
Accesspressthemes  The-launcher          <= 1.3.2   wordpress  Affected
Accesspressthemes  The-monday            <= 1.4.1   wordpress  Affected
Accesspressthemes  The100                <= 1.1.2   wordpress  Affected
Accesspressthemes  Ultra-seven           <= 1.2.8   wordpress  Affected
Accesspressthemes  Uncode-lite           <= 1.3.3   wordpress  Affected
Accesspressthemes  Vmag                  <= 1.2.7   wordpress  Affected
Accesspressthemes  Vmagazine-lite        <= 1.3.5   wordpress  Affected
Accesspressthemes  Vmagazine-news        <= 1.0.5   wordpress  Affected
Accesspressthemes  Wp-store              <= 1.1.9   wordpress  Affected
Accesspressthemes  Wpparallax            <= 2.0.6   wordpress  Affected
Accesspressthemes  Zigcy-baby            <= 1.0.6   wordpress  Affected
Accesspressthemes  Zigcy-cosmetics       <= 1.0.5   wordpress  Affected
Accesspressthemes  Zigcy-lite            <= 2.0.9   wordpress  Affected