Shodan
Vulnerabilities
Vulnerable Software
Accesspressthemes:  Security Vulnerabilities
CVE-2023-26532
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-22
CVE-2023-26518
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-13
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-06-05
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-03-22
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-20
CVE-2022-23975
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-18
CVE-2022-23976
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
CVSS Score
8.1
EPSS Score
0.002
Published
2022-04-18
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-21
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
CVSS Score
7.2
EPSS Score
0.006
Published
2022-02-28
CVE-2022-23912
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved