Description

WordPress Plugin Everest GPlaces Business Reviews [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Everest GPlaces Business Reviews version 1.0.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.0 or latest

References

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Related Vulnerabilities

WordPress Plugin Smush Image Compression and Optimization Directory Traversal (2.7.5)

WordPress Plugin BP Group Documents Security Bypass (1.10)

WordPress Plugin Tune Library SQL Injection (1.5.4)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

WordPress Plugin White Label CMS Cross-Site Scripting (1.5.2)

Severity

High

Classification

CVE-2021-24867 CWE-912 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update