Description
WordPress Plugin AccessPress Custom Post Type [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin AccessPress Custom Post Type version 1.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.9 or latest
References
Related Vulnerabilities
WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)
WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)
WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)