CVE-2021-39352
CVE-2021-39352 affects the WordPress plugin Catch Themes Demo Import, vulnerable in versions up to 1.7 (pre-1.8). The root cause is insufficient file-type validation in ~/inc/CatchThemesDemoImport.php, enabling an authenticated administrator to upload arbitrary files that can be used for remote c...