CVE-2021-39317

Description

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9

CVSS breakdown

Affected products

• AccessPress Themes / Access Demo Importer1.0.6 – 1.0.6
• AccessPress Themes / accesspress-basic3.2.1 – 3.2.1
• AccessPress Themes / accesspress-lite2.9.2 – 2.9.2
• AccessPress Themes / accesspress-mag2.6.5 – 2.6.5
• AccessPress Themes / accesspress-parallax4.5 – 4.5
• AccessPress Themes / accesspress-root2.5 – 2.5
• AccessPress Themes / accesspress-store2.4.9 – 2.4.9
• AccessPress Themes / agency-lite1.1.6 – 1.1.6
• AccessPress Themes / arrival1.4.2 – 1.4.2
• AccessPress Themes / bingle1.0.4 – 1.0.4
• AccessPress Themes / bloger1.2.6 – 1.2.6
• AccessPress Themes / brovy1.3 – 1.3
• AccessPress Themes / construction-lite1.2.5 – 1.2.5
• AccessPress Themes / doko1.0.27 – 1.0.27
• AccessPress Themes / edict-lite1.1.4 – 1.1.4
• AccessPress Themes / enlighten1.3.5 – 1.3.5
• AccessPress Themes / fotography2.4.0 – 2.4.0
• AccessPress Themes / opstore1.4.3 – 1.4.3
• AccessPress Themes / parallaxsome1.3.6 – 1.3.6
• AccessPress Themes / punte1.1.2 – 1.1.2
• AccessPress Themes / revolve1.3.1 – 1.3.1
• AccessPress Themes / ripple1.2.0 – 1.2.0
• AccessPress Themes / sakala1.0.4 – 1.0.4
• AccessPress Themes / scrollme2.1.0 – 2.1.0
• AccessPress Themes / storevilla1.4.1 – 1.4.1
• AccessPress Themes / swing-lite1.1.9 – 1.1.9
• AccessPress Themes / the1001.1.2 – 1.1.2
• AccessPress Themes / the-launcher1.3.2 – 1.3.2
• AccessPress Themes / the-monday1.4.1 – 1.4.1
• AccessPress Themes / ultra-seven1.2.8 – 1.2.8
• AccessPress Themes / uncode-lite1.3.3 – 1.3.3
• AccessPress Themes / vmag1.2.7 – 1.2.7
• AccessPress Themes / vmagazine-lite1.3.5 – 1.3.5
• AccessPress Themes / vmagazine-news1.0.5 – 1.0.5
• AccessPress Themes / wpparallax2.0.6 – 2.0.6
• AccessPress Themes / wp-store1.1.9 – 1.1.9
• AccessPress Themes / zigcy-baby1.0.6 – 1.0.6
• AccessPress Themes / zigcy-cosmetics1.0.5 – 1.0.5
• AccessPress Themes / zigcy-lite2.0.9 – 2.0.9

References

• MISChttps://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/
• MISChttps://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php
• MISChttps://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php
• MISChttps://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/