Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.12 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.2CVSS7.1AI score0.0142EPSS
Exploits2References1
OSV
OSV
added 2022/03/07 9:15 a.m.4 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.2CVSS7.1AI score0.0142EPSS
Exploits2References1
Prion
Prion
added 2022/03/07 9:15 a.m.18 views

Design/Logic Flaw

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

6.5CVSS7.2AI score0.0142EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.26 views

CVE-2022-0440 Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.4AI score0.0142EPSS
Exploits2References1
CVE
CVE
added 2022/03/07 8:16 a.m.99 views

CVE-2022-0440

Affected software. Catch Themes Demo Import WordPress plugin (versions before 2.1.1). Root cause. The plugin does not validate one of the files to be imported, enabling an elevated-privilege admin to upload an arbitrary PHP file. Impact. Remote Code Execution (RCE) potentially even on hardened Wo...

7.2CVSS7.2AI score0.0142EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.5 views

WordPress plugin Catch Themes Demo Import 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin Cat...

7.2CVSS7.4AI score0.0142EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/02/07 12:0 a.m.19 views

Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The plugin does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS constants set to true PoC Author : qerogram impo...

7.2CVSS0.0142EPSS
Exploits2Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/01/07 5:28 p.m.164 views

Metasploit Wrap-Up

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...

7.5CVSS0.2AI score0.93514EPSS
Exploits61
Packet Storm
Packet Storm
added 2022/01/05 12:0 a.m.304 views

WordPress Catch Themes Demo Import Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Catch Themes Demo Import RCE', 'Description' = %q The Wordpress Plugin Catch Themes Demo Import versions MSFLICENSE, 'Author' =...

7.2CVSS0.55729EPSS
Exploits6
0day.today
0day.today
added 2021/12/09 12:0 a.m.461 views

Wordpress Catch Themes Demo Import 1.6.1 Plugin- Remote Code Execution Exploit

Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...

7.2CVSS0.1AI score0.55729EPSS
Exploits6
CNVD
CNVD
added 2021/10/25 12:0 a.m.32 views

WordPress code issue vulnerability (CNVD-2021-83670)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...

7.2CVSS7.2AI score0.55729EPSS
Exploits6References1
NVD
NVD
added 2021/10/21 8:15 p.m.54 views

CVE-2021-39352

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS0.55729EPSS
Exploits6References7
Prion
Prion
added 2021/10/21 8:15 p.m.32 views

Design/Logic Flaw

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

6.5CVSS7.2AI score0.55729EPSS
Exploits6References7Affected Software1
Vulnrichment
Vulnrichment
added 2021/10/21 7:38 p.m.18 views

CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS7.6AI score0.55729EPSS
Exploits6References7
Cvelist
Cvelist
added 2021/10/21 7:38 p.m.49 views

CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS7.5AI score0.55729EPSS
Exploits6References7
WPVulnDB
WPVulnDB
added 2021/10/21 12:0 a.m.40 views

Catch Themes Demo Import < 1.8 - Admin+ Arbitrary File Upload

The plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload maliciou...

7.2CVSS7AI score0.55729EPSS
Exploits6References3Affected Software1
Rows per page
Query Builder