Vulnerabilites related to catchplugins - catch_themes_demo_import
cve-2022-0440
Vulnerability from cvelistv5
Published
2022-03-07 08:16
Modified
2024-08-02 23:25
Severity ?
EPSS score ?
Summary
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Catch Themes Demo Import |
Version: 2.1.1 < 2.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Catch Themes Demo Import",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "2.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "qerogram"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:16:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Catch Themes Demo Import \u003c 2.1.1 - Admin+ Remote Code Execution",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0440",
"STATE": "PUBLIC",
"TITLE": "Catch Themes Demo Import \u003c 2.1.1 - Admin+ Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Catch Themes Demo Import",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.1",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "qerogram"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0440",
"datePublished": "2022-03-07T08:16:42",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24752
Vulnerability from cvelistv5
Published
2021-10-18 13:46
Modified
2024-08-03 19:42
Severity ?
EPSS score ?
Summary
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CatchThemes | Essential Widgets |
Version: 1.9 < 1.9 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Essential Widgets",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.9",
"status": "affected",
"version": "1.9",
"versionType": "custom"
}
]
},
{
"product": "To Top",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "2.3",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"product": "Header Enhancement",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "1.5",
"versionType": "custom"
}
]
},
{
"product": "Generate Child Theme",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
},
{
"product": "Essential Content Types",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.9",
"status": "affected",
"version": "1.9",
"versionType": "custom"
}
]
},
{
"product": "Catch Web Tools",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
},
{
"product": "Catch Under Construction",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.4",
"status": "affected",
"version": "1.4",
"versionType": "custom"
}
]
},
{
"product": "Catch Themes Demo Import",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
},
{
"product": "Catch Sticky Menu",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "1.7",
"versionType": "custom"
}
]
},
{
"product": "Catch Scroll Progress Bar",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
},
{
"product": "Social Gallery and Widget",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "2.3",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"product": "Catch Infinite Scroll",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.9",
"status": "affected",
"version": "1.9",
"versionType": "custom"
}
]
},
{
"product": "Catch Import Export",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.9",
"status": "affected",
"version": "1.9",
"versionType": "custom"
}
]
},
{
"product": "Catch Gallery",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "1.7",
"versionType": "custom"
}
]
},
{
"product": "Catch Duplicate Switcher",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "1.6",
"versionType": "custom"
}
]
},
{
"product": "Catch Breadcrumb",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "1.7",
"versionType": "custom"
}
]
},
{
"product": "Catch IDs",
"vendor": "CatchThemes",
"versions": [
{
"lessThan": "2.4",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4\u0027s configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-18T13:46:10",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Plugins from CatchThemes - Unauthorised Plugin\u0027s Setting Change",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24752",
"STATE": "PUBLIC",
"TITLE": "Multiple Plugins from CatchThemes - Unauthorised Plugin\u0027s Setting Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Essential Widgets",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9",
"version_value": "1.9"
}
]
}
},
{
"product_name": "To Top",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "2.3"
}
]
}
},
{
"product_name": "Header Enhancement",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5",
"version_value": "1.5"
}
]
}
},
{
"product_name": "Generate Child Theme",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
},
{
"product_name": "Essential Content Types",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9",
"version_value": "1.9"
}
]
}
},
{
"product_name": "Catch Web Tools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
},
{
"product_name": "Catch Under Construction",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4",
"version_value": "1.4"
}
]
}
},
{
"product_name": "Catch Themes Demo Import",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
},
{
"product_name": "Catch Sticky Menu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7",
"version_value": "1.7"
}
]
}
},
{
"product_name": "Catch Scroll Progress Bar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
},
{
"product_name": "Social Gallery and Widget",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "2.3"
}
]
}
},
{
"product_name": "Catch Infinite Scroll",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9",
"version_value": "1.9"
}
]
}
},
{
"product_name": "Catch Import Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9",
"version_value": "1.9"
}
]
}
},
{
"product_name": "Catch Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7",
"version_value": "1.7"
}
]
}
},
{
"product_name": "Catch Duplicate Switcher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
},
{
"product_name": "Catch Breadcrumb",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7",
"version_value": "1.7"
}
]
}
},
{
"product_name": "Catch IDs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4",
"version_value": "2.4"
}
]
}
}
]
},
"vendor_name": "CatchThemes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4\u0027s configurations."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24752",
"datePublished": "2021-10-18T13:46:10",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-39352
Vulnerability from cvelistv5
Published
2021-10-21 19:38
Modified
2025-02-14 17:54
Severity ?
EPSS score ?
Summary
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Catch Themes Demo Import | Catch Themes Demo Import |
Version: 1.7 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50580"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T17:54:22.717837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T17:54:38.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Catch Themes Demo Import",
"vendor": "Catch Themes Demo Import",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "1.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thinkland Security Team"
}
],
"datePublic": "2021-10-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T19:23:47.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/50580"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.7 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-10-21T16:05:00.000Z",
"ID": "CVE-2021-39352",
"STATE": "PUBLIC",
"TITLE": "Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Catch Themes Demo Import",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.7",
"version_value": "1.7"
}
]
}
}
]
},
"vendor_name": "Catch Themes Demo Import"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thinkland Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
},
{
"name": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md",
"refsource": "MISC",
"url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
},
{
"name": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
},
{
"name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352",
"refsource": "MISC",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
},
{
"name": "https://www.exploit-db.com/exploits/50580",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/50580"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.7 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-39352",
"datePublished": "2021-10-21T19:38:41.649Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2025-02-14T17:54:38.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-10-21 20:15
Modified
2024-11-21 06:19
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| catchplugins | catch_themes_demo_import | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "20DC7E5C-982B-40B5-A83E-90A93FF16CEC",
"versionEndIncluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
},
{
"lang": "es",
"value": "El plugin Catch Themes Demo Import de WordPress es vulnerable a una carga de archivos arbitrarios por medio de la funcionalidad import que se encuentra en el archivo ~/inc/CatchThemesDemoImport.php, en versiones hasta la 1.7 incluy\u00e9ndola, debido a una comprobaci\u00f3n insuficiente del tipo de archivo. Esto hace posible que un atacante con privilegios administrativos cargue archivos maliciosos que pueden ser usados para lograr una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-39352",
"lastModified": "2024-11-21T06:19:23.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-21T20:15:08.060",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
},
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
},
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/50580"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/50580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-07 09:15
Modified
2024-11-21 06:38
Severity ?
Summary
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| catchplugins | catch_themes_demo_import | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C3C15CC-3901-4A17-B197-5CE8A6621E22",
"versionEndExcluding": "2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)"
},
{
"lang": "es",
"value": "El plugin Catch Themes Demo Import de WordPress versiones anteriores a 2.1.1, no comprueba uno de los archivos a importar, lo que podr\u00eda permitir a un administrador con alto nivel de privacidad subir un archivo PHP arbitrario y conseguir una RCE incluso en el caso de un blog reforzado (es decir, las constantes DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT y DISALLOW_FILE_MODS establecidas en true)"
}
],
"id": "CVE-2022-0440",
"lastModified": "2024-11-21T06:38:37.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-07T09:15:09.663",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-18 14:15
Modified
2024-11-21 05:53
Severity ?
Summary
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:catchplugins:catch_scroll_progress_bar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "253124C7-9B2A-459D-BE50-7FADDE1AF293",
"versionEndExcluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:catch_sticky_menu:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CA821ABF-F29A-403B-AAD1-EE8E9BBE4816",
"versionEndExcluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CC8DD249-577D-4AE6-B7E1-4A1A646594E8",
"versionEndExcluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:catch_under_construction:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "92E45DA0-E11C-48E7-8B9D-86CD894559F7",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:catch_web_tools:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F6ECA854-4B7C-407F-9BF6-A7DD13461C89",
"versionEndExcluding": "2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:essential_content_types:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "517A7920-79F9-4664-BC8A-F0556C4DBC2C",
"versionEndExcluding": "1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:essential_widgets:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F4BD97EC-02DF-4910-B01F-37193C8AD4CF",
"versionEndExcluding": "1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:generate_child_theme:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E6F9F983-9824-4B6F-AC76-E3E6B2BC68A4",
"versionEndExcluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:header_enhancement:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9A772196-8DDE-435E-8811-611FD3D55A19",
"versionEndExcluding": "1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:catchplugins:to_top:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C48AC04-D962-49C3-8678-DB4008D3D500",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4\u0027s configurations."
},
{
"lang": "es",
"value": "M\u00faltiples plugins del proveedor CatchThemes no llevan a cabo comprobaciones de capacidad y CSRF en la acci\u00f3n ctp_switch AJAX, que podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor cambiar el plugin Essential Widgets de WordPress versiones anteriores a 1.9, To Top de WordPress versiones anteriores a 2. 3, el plugin Header Enhancement de WordPress versiones anteriores a 1.5, el plugin Generate Child Theme de WordPress versiones anteriores a 1.6, el plugin Essential Content Types de WordPress versiones anteriores a 1.9, el plugin Catch Web Tools de WordPress versiones anteriores a 2.7, el plugin Catch Under Construction de WordPress versiones anteriores a 1. 4, el plugin Catch Themes Demo Import de WordPress versiones anteriores a 1.6, el plugin Catch Sticky Menu de WordPress versiones anteriores a 1.7, el plugin Catch Scroll Progress Bar de WordPress versiones anteriores a 1.6, l plugin Social Gallery and Widget de WordPress versiones anteriores a 2.3, el plugin Catch Infinite Scroll de WordPress versiones anteriores a 1. 9, el plugin Catch Import Export de WordPress versiones anteriores a 1.9, el plugin Catch Gallery de WordPress versiones anteriores a 1.7, el plugin Catch Duplicate Switcher de WordPress versiones anteriores a 1.6, el plugin Catch Breadcrumb de WordPress versiones anteriores a 1.7, el plugin Catch IDs de WordPress versiones anteriores a las configuraciones de 2.4"
}
],
"id": "CVE-2021-24752",
"lastModified": "2024-11-21T05:53:41.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T14:15:10.040",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}