Versio.io

CVE-2021-39317

Common vulnerabilities & exposures (CVE)

 
Published at: 11-10-2021 06:15
Last modified: 19-02-2022 05:43
Total changes: 5

Description

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions is below:

WordPress Plugin:
AccessPress Demo Importer <= 1.0.6

WordPress Themes:
accesspress-basic <= 3.2.1
accesspress-lite <= 2.92
accesspress-mag <= 2.6.5
accesspress-parallax <= 4.5
accesspress-root <= 2.5
accesspress-store <= 2.4.9
agency-lite <= 1.1.6
arrival <= 1.4.2
bingle <= 1.0.4
bloger <= 1.2.6
brovy <= 1.3
construction-lite <= 1.2.5
doko <= 1.0.27
edict-lite <= 1.1.4
eightlaw-lite <= 2.1.5
eightmedi-lite <= 2.1.8
eight-sec <= 1.1.4
eightstore-lite <= 1.2.5
enlighten <= 1.3.5
fotography <= 2.4.0
opstore <= 1.4.3
parallaxsome <= 1.3.6
punte <= 1.1.2
revolve <= 1.3.1
ripple <= 1.2.0
sakala <= 1.0.4
scrollme <= 2.1.0
storevilla <= 1.4.1
swing-lite <= 1.1.9
the100 <= 1.1.2
the-launcher <= 1.3.2
the-monday <= 1.4.1
ultra-seven <= 1.2.8
uncode-lite <= 1.3.3
vmag <= 1.2.7
vmagazine-lite <= 1.3.5
vmagazine-news <= 1.0.5
wpparallax <= 2.0.6
wp-store <= 1.1.9
zigcy-baby <= 1.0.6
zigcy-cosmetics <= 1.0.5
zigcy-lite <= 2.0.9

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Base score: 8.8
Exploitability score: 2.8
Impact score: 5.9
 

Verification logic

OR
vendor=accesspressthemes AND product=access_demo_importer AND target_software=wordpress AND versionEndExcluding=1.0.7
vendor=accesspressthemes AND product=accesspress-basic AND target_software=wordpress AND versionEndIncluding=3.2.1
vendor=accesspressthemes AND product=accesspress-lite AND target_software=wordpress AND versionEndIncluding=2.92
vendor=accesspressthemes AND product=accesspress-mag AND target_software=wordpress AND versionEndIncluding=2.6.5
vendor=accesspressthemes AND product=accesspress-parallax AND target_software=wordpress AND versionEndIncluding=4.5
vendor=accesspressthemes AND product=accesspress-root AND target_software=wordpress AND versionEndIncluding=2.5
vendor=accesspressthemes AND product=accesspress-store AND target_software=wordpress AND versionEndIncluding=2.4.9
vendor=accesspressthemes AND product=agency-lite AND target_software=wordpress AND versionEndIncluding=1.1.6
vendor=accesspressthemes AND product=arrival AND target_software=wordpress AND versionEndIncluding=1.4.2
vendor=accesspressthemes AND product=bingle AND target_software=wordpress AND versionEndIncluding=1.0.4
vendor=accesspressthemes AND product=bloger AND target_software=wordpress AND versionEndIncluding=1.2.6
vendor=accesspressthemes AND product=brovy AND target_software=wordpress AND versionEndIncluding=1.3
vendor=accesspressthemes AND product=construction-lite AND target_software=wordpress AND versionEndIncluding=1.2.5
vendor=accesspressthemes AND product=doko AND target_software=wordpress AND versionEndIncluding=1.0.27
vendor=accesspressthemes AND product=edict-lite AND target_software=wordpress AND versionEndIncluding=1.1.4
vendor=accesspressthemes AND product=eight-sec AND target_software=wordpress AND versionEndIncluding=1.1.4
vendor=accesspressthemes AND product=eightlaw-lite AND target_software=wordpress AND versionEndIncluding=2.1.5
vendor=accesspressthemes AND product=eightmedi-lite AND target_software=wordpress AND versionEndIncluding=2.1.8
vendor=accesspressthemes AND product=eightstore-lite AND target_software=wordpress AND versionEndIncluding=1.2.5
vendor=accesspressthemes AND product=enlighten AND target_software=wordpress AND versionEndIncluding=1.3.5
vendor=accesspressthemes AND product=fotography AND target_software=wordpress AND versionEndIncluding=2.4.0
vendor=accesspressthemes AND product=opstore AND target_software=wordpress AND versionEndIncluding=1.4.3
vendor=accesspressthemes AND product=parallaxsome AND target_software=wordpress AND versionEndIncluding=1.3.6
vendor=accesspressthemes AND product=punte AND target_software=wordpress AND versionEndIncluding=1.1.2
vendor=accesspressthemes AND product=revolve AND target_software=wordpress AND versionEndIncluding=1.3.1
vendor=accesspressthemes AND product=ripple AND target_software=wordpress AND versionEndIncluding=1.2.0
vendor=accesspressthemes AND product=sakala AND target_software=wordpress AND versionEndIncluding=1.0.4
vendor=accesspressthemes AND product=scrollme AND target_software=wordpress AND versionEndIncluding=2.1.0
vendor=accesspressthemes AND product=storevilla AND target_software=wordpress AND versionEndIncluding=1.4.1
vendor=accesspressthemes AND product=swing-lite AND target_software=wordpress AND versionEndIncluding=1.1.9
vendor=accesspressthemes AND product=the-launcher AND target_software=wordpress AND versionEndIncluding=1.3.2
vendor=accesspressthemes AND product=the-monday AND target_software=wordpress AND versionEndIncluding=1.4.1
vendor=accesspressthemes AND product=the100 AND target_software=wordpress AND versionEndIncluding=1.1.2
vendor=accesspressthemes AND product=ultra-seven AND target_software=wordpress AND versionEndIncluding=1.2.8
vendor=accesspressthemes AND product=uncode-lite AND target_software=wordpress AND versionEndIncluding=1.3.3
vendor=accesspressthemes AND product=vmag AND target_software=wordpress AND versionEndIncluding=1.2.7
vendor=accesspressthemes AND product=vmagazine-lite AND target_software=wordpress AND versionEndIncluding=1.3.5
vendor=accesspressthemes AND product=vmagazine-news AND target_software=wordpress AND versionEndIncluding=1.0.5
vendor=accesspressthemes AND product=wp-store AND target_software=wordpress AND versionEndIncluding=1.1.9
vendor=accesspressthemes AND product=wpparallax AND target_software=wordpress AND versionEndIncluding=2.0.6
vendor=accesspressthemes AND product=zigcy-baby AND target_software=wordpress AND versionEndIncluding=1.0.6
vendor=accesspressthemes AND product=zigcy-cosmetics AND target_software=wordpress AND versionEndIncluding=1.0.5
vendor=accesspressthemes AND product=zigcy-lite AND target_software=wordpress AND versionEndIncluding=2.0.9
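
The rule lines above can be evaluated against a site's installed plugins and themes to find the ones that still need updating. The following is an added example, not Versio.io's own code: it parses four rule lines copied from the list above and checks a constructed inventory, assuming versions are dotted integers compared component by component (so 1.0.9 sorts below 1.0.27, which a plain string comparison gets wrong). The function names and the inventory are hypothetical.

```python
from itertools import zip_longest

# Four rule lines copied from the page's verification logic (OR across lines).
RULES = """\
vendor=accesspressthemes AND product=access_demo_importer AND target_software=wordpress AND versionEndExcluding=1.0.7
vendor=accesspressthemes AND product=accesspress-lite AND target_software=wordpress AND versionEndIncluding=2.92
vendor=accesspressthemes AND product=accesspress-parallax AND target_software=wordpress AND versionEndIncluding=4.5
vendor=accesspressthemes AND product=doko AND target_software=wordpress AND versionEndIncluding=1.0.27
"""

def parse_rules(text):
    """Turn each 'k=v AND k=v' line into a dict; blank lines and 'OR' are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "OR":
            continue
        rules.append(dict(term.split("=", 1) for term in line.split(" AND ")))
    return rules

def version_key(v):
    """Assumption: dotted integers only ('2.92' -> (2, 92)); else ValueError."""
    return tuple(int(part) for part in v.split("."))

def compare(a, b):
    """Component-wise compare; missing components count as 0 (4.5 == 4.5.0)."""
    for x, y in zip_longest(version_key(a), version_key(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def is_affected(product, version, rules):
    """True if any rule for this product covers the installed version."""
    for r in rules:
        if r["product"] != product:
            continue
        if "versionEndIncluding" in r and compare(version, r["versionEndIncluding"]) <= 0:
            return True
        if "versionEndExcluding" in r and compare(version, r["versionEndExcluding"]) < 0:
            return True
    return False

def audit(inventory, rules):
    """Return the sorted product slugs from the inventory that match a rule."""
    return sorted(p for p, v in inventory.items() if is_affected(p, v, rules))

# Constructed inventory (slug -> installed version), not data from the page.
INVENTORY = {"access_demo_importer": "1.0.6", "accesspress-lite": "2.93",
             "accesspress-parallax": "4.5.0", "doko": "1.0.9", "twentytwenty": "1.8"}
```

Calling `audit(INVENTORY, parse_rules(RULES))` lists the installed products that fall inside an affected range; products with no rule line are never reported.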
 
