High severity 7.2 · NVD Advisory · Published Mar 7, 2022 · Updated Jun 17, 2026
CVE-2022-0440
Description
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true).
Affected products (2)
- Range: <2.1.1
References (1)
- wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1 (nvd; Exploit; Third Party Advisory)