CVE-2021-24867
AccessPress Themes Backdoor Vulnerability
CVSS score: 9.8 CRITICAL
Description

Numerous plugins and themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected; those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion.

INFO

Published Date: Feb. 21, 2022, 11:15 a.m.
Last Modified: March 2, 2022, 6:03 p.m.
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 3.9

Affected Products

The following products are affected by the CVE-2021-24867 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Accesspressthemes ultimate-form-builder-lite
2 Accesspressthemes accesspress_basic
3 Accesspressthemes bingle
4 Accesspressthemes bloger
5 Accesspressthemes doko
6 Accesspressthemes enlighten
7 Accesspressthemes fotography
8 Accesspressthemes parallaxsome
9 Accesspressthemes punte
10 Accesspressthemes revolve
11 Accesspressthemes ripple
12 Accesspressthemes scrollme
13 Accesspressthemes storevilla
14 Accesspressthemes vmag
15 Accesspressthemes smart_logo_showcase_lite
16 Accesspressthemes wp_popup_banners
17 Accesspressthemes wp_cookie_user_info
18 Accesspressthemes accesspress_social_icons
19 Accesspressthemes ap_mega_menu
20 Accesspressthemes form_store_to_db
21 Accesspressthemes accessbuddy
22 Accesspressthemes accesspress_anonymous_post
23 Accesspressthemes accesspress_custom_css
24 Accesspressthemes accesspress_custom_post_type
25 Accesspressthemes accesspress_ifeeds
26 Accesspressthemes accesspress_lite
27 Accesspressthemes accesspress_mag
28 Accesspressthemes accesspress_parallax
29 Accesspressthemes accesspress_ray
30 Accesspressthemes accesspress_root
31 Accesspressthemes accesspress_social_counter
32 Accesspressthemes accesspress_social_login_lite
33 Accesspressthemes accesspress_social_share
34 Accesspressthemes accesspress_staple
35 Accesspressthemes accesspress_store
36 Accesspressthemes agency_lite
37 Accesspressthemes ap_companion
38 Accesspressthemes ap_contact_form
39 Accesspressthemes ap_custom_testimonial
40 Accesspressthemes ap_pricing_tables_lite
41 Accesspressthemes apex_notification_bar_lite
42 Accesspressthemes aplite
43 Accesspressthemes badge_designer_lite_for_woocommerce
44 Accesspressthemes comments_disable_-_accesspress
45 Accesspressthemes construction_lite
46 Accesspressthemes easy_side_tab
47 Accesspressthemes everest_admin_theme_lite
48 Accesspressthemes everest_coming_soon_lite
49 Accesspressthemes everest_comment_rating_lite
50 Accesspressthemes everest_counter_lite
51 Accesspressthemes everest_faq_manager_lite
52 Accesspressthemes everest_gallery_lite
53 Accesspressthemes everest_gplaces_business_reviews
54 Accesspressthemes everest_review_lite
55 Accesspressthemes everest_tab_lite
56 Accesspressthemes everest_timeline_lite
57 Accesspressthemes fashstore
58 Accesspressthemes gaga_corp
59 Accesspressthemes gaga_lite
60 Accesspressthemes inline_call_to_action_builder_lite
61 Accesspressthemes mcontact_button
62 Accesspressthemes one-paze
63 Accesspressthemes parallax_blog
64 Accesspressthemes pi_button
65 Accesspressthemes product_slider_for_woocommerce_lite
66 Accesspressthemes smart_scroll_posts
67 Accesspressthemes smart_scroll_to_top_lite
68 Accesspressthemes social_auto_poster
69 Accesspressthemes social_review
70 Accesspressthemes sportsmag
71 Accesspressthemes swing_lite
72 Accesspressthemes tauto_poster
73 Accesspressthemes the_launcher
74 Accesspressthemes the_monday
75 Accesspressthemes total_gdpr_compliance_lite
76 Accesspressthemes total_team_lite
77 Accesspressthemes ultimate_author_box_lite
78 Accesspressthemes uncode_lite
79 Accesspressthemes unicon_lite
80 Accesspressthemes vmagazine_lite
81 Accesspressthemes vmagazine_news
82 Accesspressthemes wp_1_slider
83 Accesspressthemes wp_blog_manager_lite
84 Accesspressthemes wp_comment_designer_lite
85 Accesspressthemes wp_floating_menu
86 Accesspressthemes wp_media_manager_lite
87 Accesspressthemes wp_menu_icons_lite
88 Accesspressthemes wp_popup_lite
89 Accesspressthemes wp_product_gallery_lite
90 Accesspressthemes wp_tfeed
91 Accesspressthemes zigcy_baby
92 Accesspressthemes zigcy_cosmetics
93 Accesspressthemes zigcy_lite
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-24867.

URL | Resource
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ | Exploit, Third Party Advisory
https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff | Exploit, Third Party Advisory

The following table lists the changes that have been made to the CVE-2021-24867 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Mar. 02, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ No Types Assigned https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/ Exploit, Third Party Advisory
    Changed Reference Type https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff No Types Assigned https://wpscan.com/vulnerability/9c76bada-fa32-4c2f-9855-d0efd1e63eff Exploit, Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:accesspressthemes:accessbuddy:1.0.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_anonymous_post:2.8.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_basic:3.2.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_custom_css:2.0.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_custom_post_type:1.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_ifeeds:4.0.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_lite:2.92:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_mag:2.6.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_parallax:4.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_ray:1.19.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_root:2.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_social_counter:1.9.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_social_icons:1.8.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_social_login_lite:3.4.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_social_share:4.5.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_staple:1.9.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:accesspress_store:2.4.9:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:agency_lite:1.1.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ap_companion:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.0.7 *cpe:2.3:a:accesspressthemes:ap_contact_form:1.0.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ap_custom_testimonial:1.4.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ap_mega_menu:3.0.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ap_pricing_tables_lite:1.1.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:apex_notification_bar_lite:2.0.4:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:aplite:1.0.6:*:*:*:*:wordpress:*:* 
*cpe:2.3:a:accesspressthemes:badge_designer_lite_for_woocommerce:1.1.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:bingle:1.0.4:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:bloger:1.2.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:comments_disable_-_accesspress:1.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:construction_lite:1.2.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:doko:1.0.27:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:easy_side_tab:1.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:enlighten:1.3.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_admin_theme_lite:1.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_coming_soon_lite:1.1.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_comment_rating_lite:2.0.4:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_counter_lite:2.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_faq_manager_lite:1.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_gallery_lite:1.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_gplaces_business_reviews:1.0.9:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_review_lite:1.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_tab_lite:2.0.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:everest_timeline_lite:1.1.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:fashstore:1.2.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:form_store_to_db:1.0.9:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:fotography:2.4.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:gaga_corp:1.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:gaga_lite:1.4.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:inline_call_to_action_builder_lite:1.1.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:mcontact_button:*:*:*:*:*:wordpress:*:* versions up to (excluding) 2.0.7 *cpe:2.3:a:accesspressthemes:one-paze:2.2.8:*:*:*:*:wordpress:*:* 
*cpe:2.3:a:accesspressthemes:parallax_blog:3.1.1574941215:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:parallaxsome:1.3.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:pi_button:3.3.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:product_slider_for_woocommerce_lite:1.1.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:punte:1.1.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:revolve:1.3.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ripple:1.2.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:scrollme:2.1.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:smart_logo_showcase_lite:1.1.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:smart_scroll_posts:2.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:smart_scroll_to_top_lite:1.0.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:social_auto_poster:2.1.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:social_review:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.0.9 *cpe:2.3:a:accesspressthemes:sportsmag:1.2.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:storevilla:1.4.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:swing_lite:1.1.9:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:tauto_poster:1.4.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:the_launcher:1.3.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:the_monday:1.4.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:total_gdpr_compliance_lite:1.0.4:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:total_team_lite:1.1.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ultimate-form-builder-lite:1.5.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:ultimate_author_box_lite:1.1.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:uncode_lite:1.3.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:unicon_lite:1.2.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:vmag:1.2.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:vmagazine_lite:1.3.5:*:*:*:*:wordpress:*:* 
*cpe:2.3:a:accesspressthemes:vmagazine_news:1.0.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_1_slider:1.2.9:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_blog_manager_lite:1.1.0:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_comment_designer_lite:2.0.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_cookie_user_info:1.0.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_floating_menu:1.4.4:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_media_manager_lite:1.1.2:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_menu_icons_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.0.9 *cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.3:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_popup_lite:1.0.8:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_product_gallery_lite:1.1.1:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:wp_tfeed:1.6.7:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:zigcy_baby:1.0.6:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:zigcy_cosmetics:1.0.5:*:*:*:*:wordpress:*:* *cpe:2.3:a:accesspressthemes:zigcy_lite:2.0.9:*:*:*:*:wordpress:*:*

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.44 0.08% score
0.75178 percentile

CVSS 3.1 - Vulnerability Scoring System
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High