QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0440

Published: Mar 7, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)

Vendor	Product	Versions
Unknown	Catch Themes Demo Import	affected `2.1.1 - < 2.1.1`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.