Lucene search
WpvulndbWPVDB-ID:781F2FF4-CB94-40D7-96CB-90128DAED862HistoryOct 21, 2021 - 12:00 a.m.
Catch Themes Demo Import < 1.8 - Admin+ Arbitrary File Upload
2021-10-2100:00:00
wpscan.com
13
0.936 High
EPSS
Percentile
99.1%
The plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| catch-themes-demo-import | lt | 1.8 |
Related
cnvd
cnvd
WordPress code issue vulnerability (CNVD-2021-83670)
2021-10-25 00:00:00
zdt
zdt
prion
prion
Design/Logic Flaw
2021-10-21 20:15:00
packetstorm
packetstorm
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
2021-12-09 00:00:00
WordPress Catch Themes Demo Import Shell Upload
2022-01-05 00:00:00
patchstack
patchstack
cve
cve
CVE-2021-39352
2021-10-21 20:15:08
nvd
nvd
CVE-2021-39352
2021-10-21 20:15:08
metasploit
metasploit
Wordpress Plugin Catch Themes Demo Import RCE
2021-12-22 01:04:09
cvelist
cvelist
CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
2021-10-21 00:00:00
exploitdb
exploitdb
rapid7blog
rapid7blog
Metasploit Wrap-Up
2022-01-07 17:28:25