Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accesspressthemes vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-16949
An issue exists in the AccessKeys AccessPress Anonymous Post Pro plugin up to and including 3.1.9 for WordPress. Improper input sanitization allows the malicious user to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php...
Accesspressthemes Anonymous Post Pro
1 EDB exploit
8.1
CVSSv3
CVE-2022-23976
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an malicious user to reset all data (posts / pages / media).
Accesspressthemes Access Demo Importer
8.8
CVSSv3
CVE-2023-26532
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
Accesspressthemes Social Auto Poster
5.4
CVSSv3
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin up to and including 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary d...
Accesspressthemes Frontend Post Wordpress Plugin
7.2
CVSSv3
CVE-2021-24858
The Cookie Notification Plugin for WordPress plugin prior to 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
Accesspressthemes Wp Cookie User Info
6.1
CVSSv3
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
Accesspressthemes Wp Floating Menu 1.3.0
6.1
CVSSv3
CVE-2021-25107
The Form Store to DB WordPress plugin prior to 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated malicious user to perform Cross-Site Scripting attacks against admin
Accesspressthemes Form Store To Db
9.8
CVSSv3
CVE-2017-15919
The ultimate-form-builder-lite plugin prior to 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
Accesspressthemes Ultimate-form-builder-lite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2