Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Accesspress\-Root
(Accesspressthemes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-11 | CVE-2021-39317 | A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <=... | Access_demo_importer, Accesspress\-Lite, Accesspress\-Mag, Accesspress\-Parallax, Accesspress\-Root, Accesspress\-Store, Accesspress_basic, Agency\-Lite, Arrival, Bingle, Bloger, Brovy, Construction\-Lite, Doko, Edict\-Lite, Eight\-Sec, Eightlaw\-Lite, Eightmedi\-Lite, Eightstore\-Lite, Enlighten, Fotography, Opstore, Parallaxsome, Punte, Revolve, Ripple, Sakala, Scrollme, Storevilla, Swing\-Lite, The100, The\-Launcher, The\-Monday, Ultra\-Seven, Uncode\-Lite, Vmag, Vmagazine\-Lite, Vmagazine\-News, Wp\-Store, Wpparallax, Zigcy\-Baby, Zigcy\-Cosmetics, Zigcy\-Lite | 8.8 |