WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 and below, which stems from a file type validation of the import function in the ~/inc/CatchThemesDemoImport.php file. is insufficient. An attacker with administrative privileges could upload a malicious file that could be used to implement remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress catch themes demo import | le | 1.7 |