{"cve":{"cve_id":"CVE-2021-39317","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01652,"epss_percentile":0.73475,"epss_as_of":"2026-06-23","description":"A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9","published_at":"2021-10-11T15:48:57.291000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-285","CWE-434"],"nvd_references":["https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/","https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php","https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php","https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:16:04.799218Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"access-demo-importer","product_name":"Access Demo Importer","version_start":"1.0.6","version_start_inclusive":true,"version_end":"1.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:access-demo-importer:1.0.6:1.0.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-basic","product_name":"accesspress-basic","version_start":"3.2.1","version_start_inclusive":true,"version_end":"3.2.1","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-basic:3.2.1:3.2.1"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-lite","product_name":"accesspress-lite","version_start":"2.9.2","version_start_inclusive":true,"version_end":"2.9.2","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-lite:2.9.2:2.9.2"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-mag","product_name":"accesspress-mag","version_start":"2.6.5","version_start_inclusive":true,"version_end":"2.6.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-mag:2.6.5:2.6.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-parallax","product_name":"accesspress-parallax","version_start":"4.5","version_start_inclusive":true,"version_end":"4.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-parallax:4.5:4.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-root","product_name":"accesspress-root","version_start":"2.5","version_start_inclusive":true,"version_end":"2.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-root:2.5:2.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"accesspress-store","product_name":"accesspress-store","version_start":"2.4.9","version_start_inclusive":true,"version_end":"2.4.9","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:accesspress-store:2.4.9:2.4.9"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"agency-lite","product_name":"agency-lite","version_start":"1.1.6","version_start_inclusive":true,"version_end":"1.1.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:agency-lite:1.1.6:1.1.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"arrival","product_name":"arrival","version_start":"1.4.2","version_start_inclusive":true,"version_end":"1.4.2","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:arrival:1.4.2:1.4.2"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"bingle","product_name":"bingle","version_start":"1.0.4","version_start_inclusive":true,"version_end":"1.0.4","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:bingle:1.0.4:1.0.4"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"bloger","product_name":"bloger","version_start":"1.2.6","version_start_inclusive":true,"version_end":"1.2.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:bloger:1.2.6:1.2.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"brovy","product_name":"brovy","version_start":"1.3","version_start_inclusive":true,"version_end":"1.3","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:brovy:1.3:1.3"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"construction-lite","product_name":"construction-lite","version_start":"1.2.5","version_start_inclusive":true,"version_end":"1.2.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:construction-lite:1.2.5:1.2.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"doko","product_name":"doko","version_start":"1.0.27","version_start_inclusive":true,"version_end":"1.0.27","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:doko:1.0.27:1.0.27"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"edict-lite","product_name":"edict-lite","version_start":"1.1.4","version_start_inclusive":true,"version_end":"1.1.4","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:edict-lite:1.1.4:1.1.4"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"enlighten","product_name":"enlighten","version_start":"1.3.5","version_start_inclusive":true,"version_end":"1.3.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:enlighten:1.3.5:1.3.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"fotography","product_name":"fotography","version_start":"2.4.0","version_start_inclusive":true,"version_end":"2.4.0","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:fotography:2.4.0:2.4.0"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"opstore","product_name":"opstore","version_start":"1.4.3","version_start_inclusive":true,"version_end":"1.4.3","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:opstore:1.4.3:1.4.3"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"parallaxsome","product_name":"parallaxsome","version_start":"1.3.6","version_start_inclusive":true,"version_end":"1.3.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:parallaxsome:1.3.6:1.3.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"punte","product_name":"punte","version_start":"1.1.2","version_start_inclusive":true,"version_end":"1.1.2","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:punte:1.1.2:1.1.2"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"revolve","product_name":"revolve","version_start":"1.3.1","version_start_inclusive":true,"version_end":"1.3.1","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:revolve:1.3.1:1.3.1"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"ripple","product_name":"ripple","version_start":"1.2.0","version_start_inclusive":true,"version_end":"1.2.0","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:ripple:1.2.0:1.2.0"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"sakala","product_name":"sakala","version_start":"1.0.4","version_start_inclusive":true,"version_end":"1.0.4","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:sakala:1.0.4:1.0.4"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"scrollme","product_name":"scrollme","version_start":"2.1.0","version_start_inclusive":true,"version_end":"2.1.0","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:scrollme:2.1.0:2.1.0"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"storevilla","product_name":"storevilla","version_start":"1.4.1","version_start_inclusive":true,"version_end":"1.4.1","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:storevilla:1.4.1:1.4.1"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"swing-lite","product_name":"swing-lite","version_start":"1.1.9","version_start_inclusive":true,"version_end":"1.1.9","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:swing-lite:1.1.9:1.1.9"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"the100","product_name":"the100","version_start":"1.1.2","version_start_inclusive":true,"version_end":"1.1.2","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:the100:1.1.2:1.1.2"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"the-launcher","product_name":"the-launcher","version_start":"1.3.2","version_start_inclusive":true,"version_end":"1.3.2","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:the-launcher:1.3.2:1.3.2"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"the-monday","product_name":"the-monday","version_start":"1.4.1","version_start_inclusive":true,"version_end":"1.4.1","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:the-monday:1.4.1:1.4.1"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"ultra-seven","product_name":"ultra-seven","version_start":"1.2.8","version_start_inclusive":true,"version_end":"1.2.8","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:ultra-seven:1.2.8:1.2.8"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"uncode-lite","product_name":"uncode-lite","version_start":"1.3.3","version_start_inclusive":true,"version_end":"1.3.3","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:uncode-lite:1.3.3:1.3.3"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"vmag","product_name":"vmag","version_start":"1.2.7","version_start_inclusive":true,"version_end":"1.2.7","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:vmag:1.2.7:1.2.7"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"vmagazine-lite","product_name":"vmagazine-lite","version_start":"1.3.5","version_start_inclusive":true,"version_end":"1.3.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:vmagazine-lite:1.3.5:1.3.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"vmagazine-news","product_name":"vmagazine-news","version_start":"1.0.5","version_start_inclusive":true,"version_end":"1.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:vmagazine-news:1.0.5:1.0.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"wpparallax","product_name":"wpparallax","version_start":"2.0.6","version_start_inclusive":true,"version_end":"2.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:wpparallax:2.0.6:2.0.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"wp-store","product_name":"wp-store","version_start":"1.1.9","version_start_inclusive":true,"version_end":"1.1.9","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:wp-store:1.1.9:1.1.9"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"zigcy-baby","product_name":"zigcy-baby","version_start":"1.0.6","version_start_inclusive":true,"version_end":"1.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:zigcy-baby:1.0.6:1.0.6"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"zigcy-cosmetics","product_name":"zigcy-cosmetics","version_start":"1.0.5","version_start_inclusive":true,"version_end":"1.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:zigcy-cosmetics:1.0.5:1.0.5"},{"vendor_slug":"accesspress-themes","vendor_name":"AccessPress Themes","product_slug":"zigcy-lite","product_name":"zigcy-lite","version_start":"2.0.9","version_start_inclusive":true,"version_end":"2.0.9","version_end_inclusive":true,"cpe23_uri":"cve5:accesspress-themes:zigcy-lite:2.0.9:2.0.9"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.wordfence.com/blog/2021/10/high-severity-vulnerability-patched-in-access-demo-importer-plugin/","source_type":"MISC","tags":["patch"]},{"url":"https://plugins.trac.wordpress.org/changeset/2592642/access-demo-importer/trunk/inc/demo-functions.php","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php","source_type":"MISC","tags":[]},{"url":"https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/","source_type":"MISC","tags":["patch"]}],"timeline":[{"type":"published","at":"2021-10-11T15:48:57.291000Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:45.921816Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:45.921816Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:45.921816Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:45.921816Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:45.921816Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:45.921816Z","label":"CVSS score revised","source":"vulnrichment"}]}