CVE-2021-39352

Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

CVSS 7.2 HIGHEPSS 56.6%CWE-434

Vexday Risk Score

33Attention

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 56.6%KEV nãoPoC —Patch —

Lifecycle

Oct 21, 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Catch Themes Demo Import · Catch Themes Demo Import

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352 https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php https://www.exploit-db.com/exploits/50580 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352