CVE-2021-39317 - Access Demo Importer Plugin

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action, due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions is below: WordPress Plugin: AccessPress Demo Importer

Severity: HIGH (CVSS 8.8)
Published: 2021-10-11
Updated: 2024-11-21
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Components: 44
Reference Links: 4
AI Risk Engine: High (78/100)
Priority: P2 Urgent
Exploitability: High
Active Exploitation: No strong signal
Published Exploit Status: No public exploit references

Threat Timeline

  1. 2021-10-11 CVE published and first recorded in the threat feed.
  2. 2024-11-21 Record updated with latest vulnerability metadata.
  3. 2026-04-11 AI technical context refreshed for mitigation and impact guidance.
  4. Now Monitoring for follow-up changes, linked references, and new related CVEs.

AI Context

Machine-generated threat intelligence

AI enriched 6 days ago (2026-04-11 00:13 UTC)

Potential Impact

Severity is HIGH (CVSS 8.8). Depending on deployment context, affected components may be exposed to unauthorized actions or data integrity risk.

Exploitability Assessment

Exploitability is assessed as High based on severity and technical exposure profile.

Primary risk drivers: severity and technical exposure profile

Mitigation Recommendations

Validate affected product versions, prioritize patching, and monitor references for vendor remediation guidance. If immediate patching is not possible, apply compensating controls and limit exposure of vulnerable surfaces.

Detection & Monitoring

Track authentication anomalies, unexpected file writes, and suspicious plugin API activity around affected components.

Business Impact Lens

AI risk score 78/100 (High, High) with priority P2 Urgent. Prioritize remediation where affected components process customer data, admin sessions, or Internet-exposed workflows.

Affected Products

Access Demo Importer PLUGIN · access-demo-importer Affected: < 1.0.7 Fixed in: 1.0.7
Accesspress Basic PLUGIN · accesspress-basic Affected: <= 3.2.1 Fixed version not specified
Accesspress Lite PLUGIN · accesspress-lite Affected: <= 2.92 Fixed version not specified
Accesspress Mag PLUGIN · accesspress-mag Affected: <= 2.6.5 Fixed version not specified
Accesspress Parallax PLUGIN · accesspress-parallax Affected: <= 4.5 Fixed version not specified
Accesspress Root PLUGIN · accesspress-root Affected: <= 2.5 Fixed version not specified
Accesspress Store PLUGIN · accesspress-store Affected: <= 2.4.9 Fixed version not specified
Agency Lite PLUGIN · agency-lite Affected: <= 1.1.6 Fixed version not specified
Arrival PLUGIN · arrival Affected: <= 1.4.2 Fixed version not specified
Bingle PLUGIN · bingle Affected: <= 1.0.4 Fixed version not specified
Bloger PLUGIN · bloger Affected: <= 1.2.6 Fixed version not specified
Brovy PLUGIN · brovy Affected: <= 1.3 Fixed version not specified
Changeset PLUGIN · changeset Affected range not specified Fixed version not specified
Construction Lite PLUGIN · construction-lite Affected: <= 1.2.5 Fixed version not specified
Doko PLUGIN · doko Affected: <= 1.0.27 Fixed version not specified
Edict Lite PLUGIN · edict-lite Affected: <= 1.1.4 Fixed version not specified
Eight Sec PLUGIN · eight-sec Affected: <= 1.1.4 Fixed version not specified
Eightlaw Lite PLUGIN · eightlaw-lite Affected: <= 2.1.5 Fixed version not specified
Eightmedi Lite PLUGIN · eightmedi-lite Affected: <= 2.1.8 Fixed version not specified
Eightstore Lite PLUGIN · eightstore-lite Affected: <= 1.2.5 Fixed version not specified
Enlighten PLUGIN · enlighten Affected: <= 1.3.5 Fixed version not specified
Fotography PLUGIN · fotography Affected: <= 2.4.0 Fixed version not specified
Launcher PLUGIN · launcher Affected: <= 1.3.2 Fixed version not specified
Monday PLUGIN · monday Affected: <= 1.4.1 Fixed version not specified
Opstore PLUGIN · opstore Affected: <= 1.4.3 Fixed version not specified
Parallaxsome PLUGIN · parallaxsome Affected: <= 1.3.6 Fixed version not specified
Punte PLUGIN · punte Affected: <= 1.1.2 Fixed version not specified
Revolve PLUGIN · revolve Affected: <= 1.3.1 Fixed version not specified
Ripple PLUGIN · ripple Affected: <= 1.2.0 Fixed version not specified
Sakala PLUGIN · sakala Affected: <= 1.0.4 Fixed version not specified
Scrollme PLUGIN · scrollme Affected: <= 2.1.0 Fixed version not specified
Storevilla PLUGIN · storevilla Affected: <= 1.4.1 Fixed version not specified
Swing Lite PLUGIN · swing-lite Affected: <= 1.1.9 Fixed version not specified
The100 PLUGIN · the100 Affected: <= 1.1.2 Fixed version not specified
Ultra Seven PLUGIN · ultra-seven Affected: <= 1.2.8 Fixed version not specified
Uncode Lite PLUGIN · uncode-lite Affected: <= 1.3.3 Fixed version not specified
Vmag PLUGIN · vmag Affected: <= 1.2.7 Fixed version not specified
Vmagazine Lite PLUGIN · vmagazine-lite Affected: <= 1.3.5 Fixed version not specified
Vmagazine News PLUGIN · vmagazine-news Affected: <= 1.0.5 Fixed version not specified
Wp Store PLUGIN · wp-store Affected: <= 1.1.9 Fixed version not specified
Wpparallax PLUGIN · wpparallax Affected: <= 2.0.6 Fixed version not specified
Zigcy Baby PLUGIN · zigcy-baby Affected: <= 1.0.6 Fixed version not specified
Zigcy Cosmetics PLUGIN · zigcy-cosmetics Affected: <= 1.0.5 Fixed version not specified
Zigcy Lite PLUGIN · zigcy-lite Affected: <= 2.0.9 Fixed version not specified