CVE-2021-24867 - Accessbuddy Plugin

CVE-2021-24867

Numerous plugins and themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion.

Severity: CRITICAL (CVSS 9.8)
Published: 2022-02-21
Updated: 2024-11-21
Priority: P1 Immediate
Severity Band: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Components: 93
Reference Links: 2
AI Risk Engine: Critical (90/100)
Exploitability: High
Active Exploitation: No strong signal
Published Exploit Status: No public exploit references

Threat Timeline

  1. 2022-02-21 CVE published and first recorded in the threat feed.
  2. 2024-11-21 Record updated with latest vulnerability metadata.
  3. 2026-04-11 AI technical context refreshed for mitigation and impact guidance.
  4. Now Monitoring for follow-up changes, linked references, and new related CVEs.

AI Context

Machine-generated threat intelligence

AI enriched 6 days ago (2026-04-11 00:13 UTC)

Potential Impact

Severity is CRITICAL (CVSS 9.8). Depending on deployment context, affected components may be exposed to unauthorized actions or data integrity risk.

Exploitability Assessment

Exploitability is assessed as High based on severity and technical exposure profile.

Primary risk drivers: severity and technical exposure profile

Mitigation Recommendations

Validate affected product versions, prioritize patching, and monitor references for vendor remediation guidance. If immediate patching is not possible, apply compensating controls and limit exposure of vulnerable surfaces.

Detection & Monitoring

Track authentication anomalies, unexpected file writes, and suspicious plugin API activity around affected components.

Business Impact Lens

AI risk score 90/100 (Critical, High) with priority P1 Immediate. Prioritize remediation where affected components process customer data, admin sessions, or Internet-exposed workflows.

Affected Products

Accessbuddy PLUGIN · accessbuddy Affected: >= 1.0.0, <= 1.0.0 Fixed version not specified
Accesspress Anonymous Post PLUGIN · accesspress-anonymous-post Affected: >= 2.8.0, <= 2.8.0 Fixed version not specified
Accesspress Basic PLUGIN · accesspress-basic Affected: >= 3.2.1, <= 3.2.1 Fixed version not specified
Accesspress Custom Css PLUGIN · accesspress-custom-css Affected: >= 2.0.1, <= 2.0.1 Fixed version not specified
Accesspress Custom Post Type PLUGIN · accesspress-custom-post-type Affected: >= 1.0.8, <= 1.0.8 Fixed version not specified
Accesspress Ifeeds PLUGIN · accesspress-ifeeds Affected: >= 4.0.3, <= 4.0.3 Fixed version not specified
Accesspress Lite PLUGIN · accesspress-lite Affected: >= 2.92, <= 2.92 Fixed version not specified
Accesspress Mag PLUGIN · accesspress-mag Affected: >= 2.6.5, <= 2.6.5 Fixed version not specified
Accesspress Parallax PLUGIN · accesspress-parallax Affected: >= 4.5, <= 4.5 Fixed version not specified
Accesspress Ray PLUGIN · accesspress-ray Affected: >= 1.19.5, <= 1.19.5 Fixed version not specified
Accesspress Root PLUGIN · accesspress-root Affected: >= 2.5, <= 2.5 Fixed version not specified
Accesspress Social Counter PLUGIN · accesspress-social-counter Affected: >= 1.9.1, <= 1.9.1 Fixed version not specified
Accesspress Social Icons PLUGIN · accesspress-social-icons Affected: >= 1.8.2, <= 1.8.2 Fixed version not specified
Accesspress Social Login Lite PLUGIN · accesspress-social-login-lite Affected: >= 3.4.7, <= 3.4.7 Fixed version not specified
Accesspress Social Share PLUGIN · accesspress-social-share Affected: >= 4.5.5, <= 4.5.5 Fixed version not specified
Accesspress Staple PLUGIN · accesspress-staple Affected: >= 1.9.1, <= 1.9.1 Fixed version not specified
Accesspress Store PLUGIN · accesspress-store Affected: >= 2.4.9, <= 2.4.9 Fixed version not specified
Agency Lite PLUGIN · agency-lite Affected: >= 1.1.6, <= 1.1.6 Fixed version not specified
Ap Companion PLUGIN · ap-companion Affected: < 1.0.7 Fixed in: 1.0.7
Ap Contact Form PLUGIN · ap-contact-form Affected: >= 1.0.6, <= 1.0.6 Fixed version not specified
Ap Custom Testimonial PLUGIN · ap-custom-testimonial Affected: >= 1.4.6, <= 1.4.6 Fixed version not specified
Ap Mega Menu PLUGIN · ap-mega-menu Affected: >= 3.0.5, <= 3.0.5 Fixed version not specified
Ap Pricing Tables Lite PLUGIN · ap-pricing-tables-lite Affected: >= 1.1.2, <= 1.1.2 Fixed version not specified
Apex Notification Bar Lite PLUGIN · apex-notification-bar-lite Affected: >= 2.0.4, <= 2.0.4 Fixed version not specified
Aplite PLUGIN · aplite Affected: >= 1.0.6, <= 1.0.6 Fixed version not specified
Badge Designer Lite For Woocommerce PLUGIN · badge-designer-lite-for-woocommerce Affected: >= 1.1.0, <= 1.1.0 Fixed version not specified
Bingle PLUGIN · bingle Affected: >= 1.0.4, <= 1.0.4 Fixed version not specified
Bloger PLUGIN · bloger Affected: >= 1.2.6, <= 1.2.6 Fixed version not specified
Comments Disable Accesspress PLUGIN · comments-disable-accesspress Affected: >= 1.0.7, <= 1.0.7 Fixed version not specified
Construction Lite PLUGIN · construction-lite Affected: >= 1.2.5, <= 1.2.5 Fixed version not specified
Doko PLUGIN · doko Affected: >= 1.0.27, <= 1.0.27 Fixed version not specified
Easy Side Tab PLUGIN · easy-side-tab Affected: >= 1.0.7, <= 1.0.7 Fixed version not specified
Enlighten PLUGIN · enlighten Affected: >= 1.3.5, <= 1.3.5 Fixed version not specified
Everest Coming Soon Lite PLUGIN · everest-coming-soon-lite Affected: >= 1.1.0, <= 1.1.0 Fixed version not specified
Everest Comment Rating Lite PLUGIN · everest-comment-rating-lite Affected: >= 2.0.4, <= 2.0.4 Fixed version not specified
Everest Counter Lite PLUGIN · everest-counter-lite Affected: >= 2.0.7, <= 2.0.7 Fixed version not specified
Everest Faq Manager Lite PLUGIN · everest-faq-manager-lite Affected: >= 1.0.8, <= 1.0.8 Fixed version not specified
Everest Gallery Lite PLUGIN · everest-gallery-lite Affected: >= 1.0.8, <= 1.0.8 Fixed version not specified
Everest Gplaces Business Reviews PLUGIN · everest-gplaces-business-reviews Affected: >= 1.0.9, <= 1.0.9 Fixed version not specified
Everest Review Lite PLUGIN · everest-review-lite Affected: >= 1.0.7, <= 1.0.7 Fixed version not specified
Everest Tab Lite PLUGIN · everest-tab-lite Affected: >= 2.0.3, <= 2.0.3 Fixed version not specified
Everest Timeline Lite PLUGIN · everest-timeline-lite Affected: >= 1.1.1, <= 1.1.1 Fixed version not specified
Fashstore PLUGIN · fashstore Affected: >= 1.2.1, <= 1.2.1 Fixed version not specified
Form Store To Db PLUGIN · form-store-to-db Affected: >= 1.0.9, <= 1.0.9 Fixed version not specified
Fotography PLUGIN · fotography Affected: >= 2.4.0, <= 2.4.0 Fixed version not specified
Gaga Corp PLUGIN · gaga-corp Affected: >= 1.0.8, <= 1.0.8 Fixed version not specified
Gaga Lite PLUGIN · gaga-lite Affected: >= 1.4.2, <= 1.4.2 Fixed version not specified
Inline Call To Action Builder Lite PLUGIN · inline-call-to-action-builder-lite Affected: >= 1.1.0, <= 1.1.0 Fixed version not specified
Launcher PLUGIN · launcher Affected: >= 1.3.2, <= 1.3.2 Fixed version not specified
Mcontact Button PLUGIN · mcontact-button Affected: < 2.0.7 Fixed in: 2.0.7
Monday PLUGIN · monday Affected: >= 1.4.1, <= 1.4.1 Fixed version not specified
One Paze PLUGIN · one-paze Affected: >= 2.2.8, <= 2.2.8 Fixed version not specified
Parallax Blog PLUGIN · parallax-blog Affected: >= 3.1.1574941215, <= 3.1.1574941215 Fixed version not specified
Parallaxsome PLUGIN · parallaxsome Affected: >= 1.3.6, <= 1.3.6 Fixed version not specified
Pi Button PLUGIN · pi-button Affected: >= 3.3.3, <= 3.3.3 Fixed version not specified
Product Slider For Woocommerce Lite PLUGIN · product-slider-for-woocommerce-lite Affected: >= 1.1.5, <= 1.1.5 Fixed version not specified
Punte PLUGIN · punte Affected: >= 1.1.2, <= 1.1.2 Fixed version not specified
Revolve PLUGIN · revolve Affected: >= 1.3.1, <= 1.3.1 Fixed version not specified
Ripple PLUGIN · ripple Affected: >= 1.2.0, <= 1.2.0 Fixed version not specified
Scrollme PLUGIN · scrollme Affected: >= 2.1.0, <= 2.1.0 Fixed version not specified
Smart Logo Showcase Lite PLUGIN · smart-logo-showcase-lite Affected: >= 1.1.7, <= 1.1.7 Fixed version not specified
Smart Scroll Posts PLUGIN · smart-scroll-posts Affected: >= 2.0.8, <= 2.0.8 Fixed version not specified
Smart Scroll To Top Lite PLUGIN · smart-scroll-to-top-lite Affected: >= 1.0.3, <= 1.0.3 Fixed version not specified
Social Auto Poster PLUGIN · social-auto-poster Affected: >= 2.1.3, <= 2.1.3 Fixed version not specified
Social Review PLUGIN · social-review Affected: < 1.0.9 Fixed in: 1.0.9
Sportsmag PLUGIN · sportsmag Affected: >= 1.2.1, <= 1.2.1 Fixed version not specified
Storevilla PLUGIN · storevilla Affected: >= 1.4.1, <= 1.4.1 Fixed version not specified
Swing Lite PLUGIN · swing-lite Affected: >= 1.1.9, <= 1.1.9 Fixed version not specified
Tauto Poster PLUGIN · tauto-poster Affected: >= 1.4.5, <= 1.4.5 Fixed version not specified
Total Gdpr Compliance Lite PLUGIN · total-gdpr-compliance-lite Affected: >= 1.0.4, <= 1.0.4 Fixed version not specified
Total Team Lite PLUGIN · total-team-lite Affected: >= 1.1.1, <= 1.1.1 Fixed version not specified
Ultimate Author Box Lite PLUGIN · ultimate-author-box-lite Affected: >= 1.1.2, <= 1.1.2 Fixed version not specified
Ultimate Form Builder Lite PLUGIN · ultimate-form-builder-lite Affected: >= 1.5.0, <= 1.5.0 Fixed version not specified
Uncode Lite PLUGIN · uncode-lite Affected: >= 1.3.1, <= 1.3.1 Fixed version not specified
Unicon Lite PLUGIN · unicon-lite Affected: >= 1.2.6, <= 1.2.6 Fixed version not specified
Vmag PLUGIN · vmag Affected: >= 1.2.7, <= 1.2.7 Fixed version not specified
Vmagazine Lite PLUGIN · vmagazine-lite Affected: >= 1.3.5, <= 1.3.5 Fixed version not specified
Vmagazine News PLUGIN · vmagazine-news Affected: >= 1.0.5, <= 1.0.5 Fixed version not specified
Wp 1 Slider PLUGIN · wp-1-slider Affected: >= 1.2.9, <= 1.2.9 Fixed version not specified
Wp Blog Manager Lite PLUGIN · wp-blog-manager-lite Affected: >= 1.1.0, <= 1.1.0 Fixed version not specified
Wp Comment Designer Lite PLUGIN · wp-comment-designer-lite Affected: >= 2.0.3, <= 2.0.3 Fixed version not specified
Wp Cookie User Info PLUGIN · wp-cookie-user-info Affected: >= 1.0.7, <= 1.0.7 Fixed version not specified
Wp Floating Menu PLUGIN · wp-floating-menu Affected: >= 1.4.4, <= 1.4.4 Fixed version not specified
Wp Media Manager Lite PLUGIN · wp-media-manager-lite Affected: >= 1.1.2, <= 1.1.2 Fixed version not specified
Wp Menu Icons Lite PLUGIN · wp-menu-icons-lite Affected: < 1.0.9 Fixed in: 1.0.9
Wp Popup Banners PLUGIN · wp-popup-banners Affected: >= 1.2.3, <= 1.2.3 Fixed version not specified
Wp Popup Lite PLUGIN · wp-popup-lite Affected: >= 1.0.8, <= 1.0.8 Fixed version not specified
Wp Product Gallery Lite PLUGIN · wp-product-gallery-lite Affected: >= 1.1.1, <= 1.1.1 Fixed version not specified
Wp Tfeed PLUGIN · wp-tfeed Affected: >= 1.6.7, <= 1.6.7 Fixed version not specified
Zigcy Baby PLUGIN · zigcy-baby Affected: >= 1.0.6, <= 1.0.6 Fixed version not specified
Zigcy Cosmetics PLUGIN · zigcy-cosmetics Affected: >= 1.0.5, <= 1.0.5 Fixed version not specified
Zigcy Lite PLUGIN · zigcy-lite Affected: >= 2.0.9, <= 2.0.9 Fixed version not specified
Everest Admin Theme Lite THEME · everest-admin-theme-lite Affected: >= 1.0.7, <= 1.0.7 Fixed version not specified