Catchplugins ≫ Catch Themes Demo Import

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

7.2

CVE-2022-0440

Exploit

EPSS 0.88%
Veröffentlicht 07.03.2022 09:15:09
Zuletzt bearbeitet 21.11.2024 06:38:37

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFIL...

7.2

CVE-2021-39352

Exploit

EPSS 75.59%
Veröffentlicht 21.10.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 06:19:23

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This ...

5.7

CVE-2021-24752

Exploit

EPSS 0.13%
Veröffentlicht 18.10.2021 14:15:10
Zuletzt bearbeitet 21.11.2024 05:53:41

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top Wo...

Team-orientierte Vulnerability Management Plattform

Features der Plattform

Catchplugins ≫ Catch Themes Demo Import

CVE-2022-0440

CVE-2021-39352

CVE-2021-24752