High severity · 7.2 · NVD Advisory · Published Oct 21, 2021 · Updated Jun 17, 2026
CVE-2021-39352
Description
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
Affected products (2)
- Range: <=1.7
- Catch Themes Demo Import/Catch Themes Demo Import · v5 · Range: 1.7
References (7)
- plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php [nvd: Patch, Third Party Advisory]
- packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html [nvd: Exploit, Third Party Advisory, VDB Entry]
- github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md [nvd: Exploit, Third Party Advisory]
- github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352 [nvd: Exploit, Third Party Advisory]
- www.exploit-db.com/exploits/50580 [nvd: Exploit, Third Party Advisory, VDB Entry]
- packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html [nvd: Third Party Advisory, VDB Entry]
- www.wordfence.com/vulnerability-advisories/ [nvd: Third Party Advisory]