← volver
CVE-2022-0440

Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

EPSS 1.4%CWE-434
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 mar 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)
Productos afectados
Unknown · Catch Themes Demo Import

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1