Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.12 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.2CVSS7.1AI score0.0142EPSS
Exploits2References1
NVD
NVD
added 2022/03/07 9:15 a.m.26 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.2CVSS0.0142EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.25 views

CVE-2022-0440 Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.4AI score0.0142EPSS
Exploits2References1
CVE
CVE
added 2022/03/07 8:16 a.m.99 views

CVE-2022-0440

Affected software. Catch Themes Demo Import WordPress plugin (versions before 2.1.1). Root cause. The plugin does not validate one of the files to be imported, enabling an elevated-privilege admin to upload an arbitrary PHP file. Impact. Remote Code Execution (RCE) potentially even on hardened Wo...

7.2CVSS7.2AI score0.0142EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder