Descrição
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-39352
Tags
Nâo informado
Data de publicação
21/10/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
7.2
Alto