Description

WordPress Plugin Responsive Notification Bar for WordPress-Apex Notification Bar Lite [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Responsive Notification Bar for WordPress-Apex Notification Bar Lite version 2.0.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.5 or latest

References

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Related Vulnerabilities

WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (3.1.3)

WordPress Plugin Timeline Calendar SQL Injection (1.2)

WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-37823)

WordPress Plugin Side Menu-add fixed side buttons SQL Injection (3.1.3)

Severity

High

Classification

CVE-2021-24867 CWE-912 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update