AccessPress Themes (WordPress Ecosystem)
AccessPress Themes/Plugins backdoored via vendor site compromise
The website of AccessPress Themes (also known as Access Keys), a vendor of numerous popular WordPress themes and plugins, was compromised. Attackers injected a backdoor into the downloadable zip files of dozens of the vendor's themes and plugins hosted on that site. The backdoor gave attackers full control over websites that installed or updated these compromised extensions.
- Date: 2021-09-02 to 2022-01-17
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
- Package: AccessPress Themes (WordPress Ecosystem)
- Language: PHP
- Component: Library
- Artifact type: source archive
- Domain type: project download host
- Domain: accesspressthemes.com
Compromised Versions
- Dozens of themes/plugins from AccessPress Themes/Access Keys (see references for specific lists)
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Transitive: No
- User Impact: 360000
- Observed Duration: 137 days
Evidence
Compromised Artifacts
- pkg:generic/accesspress-theme?repository_url=https://accesspressthemes.com
- pkg:generic/accesspress-plugin?repository_url=https://accesspressthemes.com
Additional Artifacts
Indicators and Changes
Hashes
sha256:0918af9a5c6060dec985b98bbf54030cd29f1701ca9fdb6abfc1e39f90e5113e
External References
Source Data
Source record: oss/accesspress/meta.yaml