{"containers":{"cna":{"affected":[{"product":"Access Demo Importer","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.6","status":"affected","version":"1.0.6","versionType":"custom"}]},{"product":"accesspress-basic","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"3.2.1","status":"affected","version":"3.2.1","versionType":"custom"}]},{"product":"accesspress-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.9.2","status":"affected","version":"2.9.2","versionType":"custom"}]},{"product":"accesspress-mag","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.6.5","status":"affected","version":"2.6.5","versionType":"custom"}]},{"product":"accesspress-parallax","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"4.5","status":"affected","version":"4.5","versionType":"custom"}]},{"product":"accesspress-root","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.5","status":"affected","version":"2.5","versionType":"custom"}]},{"product":"accesspress-store","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.4.9","status":"affected","version":"2.4.9","versionType":"custom"}]},{"product":"agency-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.6","status":"affected","version":"1.1.6","versionType":"custom"}]},{"product":"arrival","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.4.2","status":"affected","version":"1.4.2","versionType":"custom"}]},{"product":"bingle","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.4","status":"affected","version":"1.0.4","versionType":"custom"}]},{"product":"bloger","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.2.6","status":"affected","version":"1.2.6","versionType":"custom"}]},{"product":"brovy","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3","status":"affected","version":"1.3","versionType":"custom"}]},{"product":"construction-lite","vendor":"AccessPress 
Themes","versions":[{"lessThanOrEqual":"1.2.5","status":"affected","version":"1.2.5","versionType":"custom"}]},{"product":"doko","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.27","status":"affected","version":"1.0.27","versionType":"custom"}]},{"product":"edict-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.4","status":"affected","version":"1.1.4","versionType":"custom"}]},{"product":"enlighten","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.5","status":"affected","version":"1.3.5","versionType":"custom"}]},{"product":"fotography","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.4.0","status":"affected","version":"2.4.0","versionType":"custom"}]},{"product":"opstore","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.4.3","status":"affected","version":"1.4.3","versionType":"custom"}]},{"product":"parallaxsome","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.6","status":"affected","version":"1.3.6","versionType":"custom"}]},{"product":"punte","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.2","status":"affected","version":"1.1.2","versionType":"custom"}]},{"product":"revolve","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.1","status":"affected","version":"1.3.1","versionType":"custom"}]},{"product":"ripple","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.2.0","status":"affected","version":"1.2.0","versionType":"custom"}]},{"product":"sakala","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.4","status":"affected","version":"1.0.4","versionType":"custom"}]},{"product":"scrollme","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.1.0","status":"affected","version":"2.1.0","versionType":"custom"}]},{"product":"storevilla","vendor":"AccessPress 
Themes","versions":[{"lessThanOrEqual":"1.4.1","status":"affected","version":"1.4.1","versionType":"custom"}]},{"product":"swing-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.9","status":"affected","version":"1.1.9","versionType":"custom"}]},{"product":"swing-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.9","status":"affected","version":"1.1.9","versionType":"custom"}]},{"product":"the100","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.1.2","status":"affected","version":"1.1.2","versionType":"custom"}]},{"product":"the-launcher","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.2","status":"affected","version":"1.3.2","versionType":"custom"}]},{"product":"the-monday","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.4.1","status":"affected","version":"1.4.1","versionType":"custom"}]},{"product":"ultra-seven","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.2.8","status":"affected","version":"1.2.8","versionType":"custom"}]},{"product":"uncode-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.3","status":"affected","version":"1.3.3","versionType":"custom"}]},{"product":"vmag","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.2.7","status":"affected","version":"1.2.7","versionType":"custom"}]},{"product":"vmagazine-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.3.5","status":"affected","version":"1.3.5","versionType":"custom"}]},{"product":"vmagazine-news","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.5","status":"affected","version":"1.0.5","versionType":"custom"}]},{"product":"wpparallax","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.0.6","status":"affected","version":"2.0.6","versionType":"custom"}]},{"product":"wp-store","vendor":"AccessPress 
Themes","versions":[{"lessThanOrEqual":"1.1.9","status":"affected","version":"1.1.9","versionType":"custom"}]},{"product":"zigcy-baby","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.6","status":"affected","version":"1.0.6","versionType":"custom"}]},{"product":"zigcy-cosmetics","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"1.0.5","status":"affected","version":"1.0.5","versionType":"custom"}]},{"product":"zigcy-lite","vendor":"AccessPress Themes","versions":[{"lessThanOrEqual":"2.0.9","status":"affected","version":"2.0.9","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Chloe Chamberland, Wordfence"},{"lang":"en","value":"Lenon Leite"}],"datePublic":"2021-10-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. 
The complete list of affected products and their versions is below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-285","description":"CWE-285 Improper Authorization","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous 
Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-01-13T20:27:30.000Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/"},{"tags":["x_refsource_MISC"],"url":"https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php"},{"tags":["x_refsource_MISC"],"url":"https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php"},{"tags":["x_refsource_MISC"],"url":"https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/"}],"solutions":[{"lang":"en","value":"Update each affected product to its latest available version, or uninstall it from the WordPress site if no updated version is available."}],"source":{"discovery":"INTERNAL"},"title":"AccessPress Themes -  Authenticated Malicious File Upload","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"AKA":"Wordfence","ASSIGNER":"security@wordfence.com","DATE_PUBLIC":"2021-10-06T19:17:00.000Z","ID":"CVE-2021-39317","STATE":"PUBLIC","TITLE":"AccessPress Themes -  Authenticated Malicious File Upload"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Access Demo 
Importer","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.6","version_value":"1.0.6"}]}},{"product_name":"accesspress-basic","version":{"version_data":[{"version_affected":"<=","version_name":"3.2.1","version_value":"3.2.1"}]}},{"product_name":"accesspress-lite","version":{"version_data":[{"version_affected":"<=","version_name":"2.9.2","version_value":"2.9.2"}]}},{"product_name":"accesspress-mag","version":{"version_data":[{"version_affected":"<=","version_name":"2.6.5","version_value":"2.6.5"}]}},{"product_name":"accesspress-parallax","version":{"version_data":[{"version_affected":"<=","version_name":"4.5","version_value":"4.5"}]}},{"product_name":"accesspress-root","version":{"version_data":[{"version_affected":"<=","version_name":"2.5","version_value":"2.5"}]}},{"product_name":"accesspress-store","version":{"version_data":[{"version_affected":"<=","version_name":"2.4.9","version_value":"2.4.9"}]}},{"product_name":"agency-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.6","version_value":"1.1.6"}]}},{"product_name":"arrival","version":{"version_data":[{"version_affected":"<=","version_name":"1.4.2","version_value":"1.4.2"}]}},{"product_name":"bingle","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.4","version_value":"1.0.4"}]}},{"product_name":"bloger","version":{"version_data":[{"version_affected":"<=","version_name":"1.2.6","version_value":"1.2.6"}]}},{"product_name":"brovy","version":{"version_data":[{"version_affected":"<=","version_name":"1.3","version_value":"1.3"}]}},{"product_name":"construction-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.2.5","version_value":"1.2.5"}]}},{"product_name":"doko","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.27","version_value":"1.0.27"}]}},{"product_name":"edict-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.4","version_value":"1.1.4"}]}},{"product_name":"enlig
hten","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.5","version_value":"1.3.5"}]}},{"product_name":"fotography","version":{"version_data":[{"version_affected":"<=","version_name":"2.4.0","version_value":"2.4.0"}]}},{"product_name":"opstore","version":{"version_data":[{"version_affected":"<=","version_name":"1.4.3","version_value":"1.4.3"}]}},{"product_name":"parallaxsome","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.6","version_value":"1.3.6"}]}},{"product_name":"punte","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.2","version_value":"1.1.2"}]}},{"product_name":"revolve","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.1","version_value":"1.3.1"}]}},{"product_name":"ripple","version":{"version_data":[{"version_affected":"<=","version_name":"1.2.0","version_value":"1.2.0"}]}},{"product_name":"sakala","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.4","version_value":"1.0.4"}]}},{"product_name":"scrollme","version":{"version_data":[{"version_affected":"<=","version_name":"2.1.0","version_value":"2.1.0"}]}},{"product_name":"storevilla","version":{"version_data":[{"version_affected":"<=","version_name":"1.4.1","version_value":"1.4.1"}]}},{"product_name":"swing-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.9","version_value":"1.1.9"}]}},{"product_name":"swing-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.9","version_value":"1.1.9"}]}},{"product_name":"the100","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.2","version_value":"1.1.2"}]}},{"product_name":"the-launcher","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.2","version_value":"1.3.2"}]}},{"product_name":"the-monday","version":{"version_data":[{"version_affected":"<=","version_name":"1.4.1","version_value":"1.4.1"}]}},{"product_name":"ultra-seven","version":{"version_data":[{"versi
on_affected":"<=","version_name":"1.2.8","version_value":"1.2.8"}]}},{"product_name":"uncode-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.3","version_value":"1.3.3"}]}},{"product_name":"vmag","version":{"version_data":[{"version_affected":"<=","version_name":"1.2.7","version_value":"1.2.7"}]}},{"product_name":"vmagazine-lite","version":{"version_data":[{"version_affected":"<=","version_name":"1.3.5","version_value":"1.3.5"}]}},{"product_name":"vmagazine-news","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.5","version_value":"1.0.5"}]}},{"product_name":"wpparallax","version":{"version_data":[{"version_affected":"<=","version_name":"2.0.6","version_value":"2.0.6"}]}},{"product_name":"wp-store","version":{"version_data":[{"version_affected":"<=","version_name":"1.1.9","version_value":"1.1.9"}]}},{"product_name":"zigcy-baby","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.6","version_value":"1.0.6"}]}},{"product_name":"zigcy-cosmetics","version":{"version_data":[{"version_affected":"<=","version_name":"1.0.5","version_value":"1.0.5"}]}},{"product_name":"zigcy-lite","version":{"version_data":[{"version_affected":"<=","version_name":"2.0.9","version_value":"2.0.9"}]}}]},"vendor_name":"AccessPress Themes"}]}},"credit":[{"lang":"eng","value":"Chloe Chamberland, Wordfence"},{"lang":"eng","value":"Lenon Leite"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. 
The complete list of affected products and their versions is below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285 Improper Authorization"}]},{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous 
Type"}]}]},"references":{"reference_data":[{"name":"https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/","refsource":"MISC","url":"https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/"},{"name":"https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php","refsource":"MISC","url":"https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php"},{"name":"https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php","refsource":"MISC","url":"https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php"},{"name":"https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/","refsource":"MISC","url":"https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/"}]},"solution":[{"lang":"en","value":"Update each affected product to its latest available version, or uninstall it from the WordPress site if no updated version is available."}],"source":{"discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T02:06:41.686Z"},"title":"CVE Program 
Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-14T18:23:19.419703Z","id":"CVE-2021-39317","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-14T18:23:25.466Z"}}]},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2021-39317","datePublished":"2021-10-11T15:48:57.291Z","dateReserved":"2021-08-20T00:00:00.000Z","dateUpdated":"2025-02-14T18:23:25.466Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}