Access Demo Importer
Monthly
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.