Catchplugins - Catch Themes Demo Import CVE

Filtered by vendor Catchplugins Subscribe

Filtered by product Catch Themes Demo Import

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-39352	1 Catchplugins	1 Catch Themes Demo Import	2022-02-28	6.5 MEDIUM	7.2 HIGH
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

Vulnerabilities (CVE)