Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Themes Demo Import plugin (versions <= 1.6.1).
Update the WordPress Catch Themes Demo Import plugin to the latest available version (at least 1.7).