154 matches found
CVE-2026-15336
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...
EUVD-2026-44855
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...
CVE-2026-15336
The CVE describes a vulnerability in the Catch Themes Demo Import plugin for WordPress (versions up to and including 3.3). The root cause is in catch_themes_demo_import_activate_plugin(), which is hooked on admin_init when the activate_plugin parameter is present and calls Plugin_Upgrader::instal...
Exploit for CVE-2026-39440
CVE-2026-39440 FunnelForms Fix A drop-in WordPress plugin t...
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...
CVE-2024-34433
Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.This issue affects One Click Demo Import: from n/a through 3.2.0...
CVE-2024-2702
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1...
CVE-2025-62046
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
EUVD-2025-38077
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
CVE-2025-62046
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
CVE-2025-62046 WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
CVE-2025-62046 WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
CVE-2025-62046
CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...
WordPress plugin TheGem Demo Import 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security vulnerability exists in WordPress plugin...
PT-2025-45311
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
WordPress Demo Import Kit plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...
CVE-2025-10051
The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-10051
The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-10051 Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload
The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-10051
CVE-2025-10051 affects the WordPress plugin “Demo Import Kit” (versions ≤ 1.1.0). The vulnerability is an authenticated arbitrary file upload due to missing file type validation in the import function, enabling an Administrator+ attacker to upload arbitrary files to the server and potentially ach...