WordPress Catch Themes Demo Import plugin <= 1.7 - Arbitrary File Upload vulnerability

2021-10-2100:00:00

Thinkland Security Team

patchstack.com

0.936 High

EPSS

Percentile

99.1%

Arbitrary File Upload vulnerability discovered by Thinkland Security Team in WordPress Catch Themes Demo Import plugin (versions <= 1.7).

Solution

           Update the WordPress Catch Themes Demo Import plugin to the latest available version (at least 1.8).

CPENameOperatorVersion
catch themes demo importle1.7

CPE	Name	Operator	Version
	catch themes demo import	le	1.7

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39352

wordpress.org/plugins/catch-themes-demo-import/#developers

www.wordfence.com/vulnerability-advisories/

0.936 High

EPSS

Percentile

99.1%

Related for PATCHSTACK:6E79D7A928208CF18331501B2A61F370