CVE-2021-24752

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...

PT-2021-16253 · Catch Themes · Catch Infinite Scroll +12

Name of the Vulnerable Software and Affected Versions: Essential Widgets WordPress plugin versions prior to 1.9 To Top WordPress plugin versions prior to 2.3 Header Enhancement WordPress plugin versions prior to 1.5 Generate Child Theme WordPress plugin versions prior to 1.6 Essential Content Typ...