CVE-2021-39317
- Source
- https://cve.org/CVERecord?id=CVE-2021-39317
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39317.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-39317
- Published
- 2021-10-11T16:15:07.650Z
- Modified
- 2026-04-10T04:37:09.067045Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstaller_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9
- References
-
- https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/
- https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php
- https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php
- https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/
Affected packages
Git / github.com/Rockhopper-Technologies/enlighten
Affected ranges
- Type
- GIT
- Repo
- https://github.com/Rockhopper-Technologies/enlighten
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.0.7" }, { "introduced": "0" }, { "last_affected": "1.3" }, { "introduced": "0" }, { "last_affected": "1.3.1" }, { "introduced": "0" }, { "last_affected": "1.2.0" }, { "introduced": "0" }, { "last_affected": "1.3.2" }, { "introduced": "0" }, { "last_affected": "1.3.3" }, { "introduced": "0" }, { "last_affected": "1.0.6" } ] }
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39317.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.92"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.6.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.9"
}
]
}
]