Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accesspressthemes vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-16949
An issue exists in the AccessKeys AccessPress Anonymous Post Pro plugin up to and including 3.1.9 for WordPress. Improper input sanitization allows the malicious user to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php...
Accesspressthemes Anonymous Post Pro
1 EDB exploit
6.5
CVSSv3
CVE-2022-23975
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an malicious user to activate any installed plugin.
Accesspressthemes Access Demo Importer
7.2
CVSSv3
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin prior to 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
Accesspressthemes Ap Custom Testimonial
7.2
CVSSv3
CVE-2021-24858
The Cookie Notification Plugin for WordPress plugin prior to 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
Accesspressthemes Wp Cookie User Info
6.1
CVSSv3
CVE-2021-25107
The Form Store to DB WordPress plugin prior to 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated malicious user to perform Cross-Site Scripting attacks against admin
Accesspressthemes Form Store To Db
5.4
CVSSv3
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin up to and including 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary d...
Accesspressthemes Frontend Post Wordpress Plugin
9.8
CVSSv3
CVE-2017-15919
The ultimate-form-builder-lite plugin prior to 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
Accesspressthemes Ultimate-form-builder-lite
6.1
CVSSv3
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
Accesspressthemes Wp Floating Menu 1.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2