Lucene search
China National Vulnerability DatabaseCNVD-2021-83670HistoryOct 25, 2021 - 12:00 a.m.
WordPress code issue vulnerability (CNVD-2021-83670)
2021-10-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.936 High
EPSS
Percentile
99.1%
WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 and below, which stems from a file type validation of the import function in the ~/inc/CatchThemesDemoImport.php file. is insufficient. An attacker with administrative privileges could upload a malicious file that could be used to implement remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress catch themes demo import | le | 1.7 |
Related
zdt
zdt
prion
prion
Design/Logic Flaw
2021-10-21 20:15:00
packetstorm
packetstorm
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
2021-12-09 00:00:00
WordPress Catch Themes Demo Import Shell Upload
2022-01-05 00:00:00
patchstack
patchstack
cve
cve
CVE-2021-39352
2021-10-21 20:15:08
wpvulndb
wpvulndb
Catch Themes Demo Import < 1.8 - Admin+ Arbitrary File Upload
2021-10-21 00:00:00
nvd
nvd
CVE-2021-39352
2021-10-21 20:15:08
metasploit
metasploit
Wordpress Plugin Catch Themes Demo Import RCE
2021-12-22 01:04:09
exploitdb
exploitdb
cvelist
cvelist
CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
2021-10-21 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2022-01-07 17:28:25