Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accesspressthemes vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-23975
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an malicious user to activate any installed plugin.
Accesspressthemes Access Demo Importer
516
VMScore
CVE-2022-23976
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an malicious user to reset all data (posts / pages / media).
Accesspressthemes Access Demo Importer
755
VMScore
CVE-2017-16949
An issue exists in the AccessKeys AccessPress Anonymous Post Pro plugin up to and including 3.1.9 for WordPress. Improper input sanitization allows the malicious user to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php...
Accesspressthemes Anonymous Post Pro
1 EDB exploit
383
VMScore
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
Accesspressthemes Wp Floating Menu 1.3.0
NA
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin up to and including 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary d...
Accesspressthemes Frontend Post Wordpress Plugin
383
VMScore
CVE-2021-25107
The Form Store to DB WordPress plugin prior to 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated malicious user to perform Cross-Site Scripting attacks against admin
Accesspressthemes Form Store To Db
578
VMScore
CVE-2021-24858
The Cookie Notification Plugin for WordPress plugin prior to 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
Accesspressthemes Wp Cookie User Info
668
VMScore
CVE-2017-15919
The ultimate-form-builder-lite plugin prior to 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
Accesspressthemes Ultimate-form-builder-lite
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2