← Back

CVE-2021-39352

nvd nist
Published: Oct 21, 2021Modified: Jun 17, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

Affected (1)

Catchplugins
1 product
Catch Themes Demo Import
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Catch Themes Demo Import
Up to 1.7

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (14)

Source: security@wordfence.com
ExploitThird Party AdvisoryVDB Entry
Source: security@wordfence.com
Third Party AdvisoryVDB Entry
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
PatchThird Party Advisory
Source: security@wordfence.com
ExploitThird Party AdvisoryVDB Entry
Source: security@wordfence.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.