CVE-2021-39352
Published: 2021-10-21
Priority: P2 66 · CVSS 3.1: 7.2 (high)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
Exploit: public exploit available
EPSS: 55.73% (98.9th percentile)
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| catch_themes_demo_import | catch_themes_demo_import | 1.7 – 1.7 | — |
| catchplugins | catch_themes_demo_import | <= 1.7 | — |
Detection & IOCs (extracted from sources)
- Monitor for authenticated file upload requests targeting the Catch Themes Demo Import plugin's import functionality, specifically POST requests to endpoints associated with CatchThemesDemoImport.php.
- Alert on upload of non-whitelisted file types (e.g., PHP webshells) through the WordPress plugin import functionality by an authenticated administrative user.
- Flag installations of the Catch Themes Demo Import plugin at versions < 1.8 as vulnerable; version 1.8 is the patched release.
- Re-exploitation may require a server reboot or waiting for an arbitrary timeout of approximately 5 minutes before the attack can be repeated.
- Exploitation requires authenticated administrative privileges; unauthenticated exploitation is not possible with this vulnerability.
CVSS provenance
- NVD, CVSS v3.1: 7.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html
- http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html
- https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md
- https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352
- https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php
- https://www.exploit-db.com/exploits/50580
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352