Description

WordPress Plugin PI Button [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin PI Button version 3.3.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.3.4 or latest

References

https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)

WordPress Plugin Awesome Filterable Portfolio Multiple SQL Injection Vulnerabilities (1.8.6)

WordPress Plugin Discount Rules for WooCommerce Multiple Vulnerabilities (2.0.2)

WordPress Plugin BizLibrary Cross-Site Scripting (1.1)

WordPress Plugin ShopLentor-WooCommerce Builder for Elementor & Gutenberg +10 Modules-All in One Solution (formerly WooLentor) Multiple Cross-Site Scripting Vulnerabilities (1.8.5)

Severity

High

Classification

CVE-2021-24867 CWE-912 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update