VYPR

Catch Themes Demo Import

by WordPress

CVEs (1)

  • CVE-2022-0440HigMar 7, 2022
    risk 0.47cvss 7.2epss 0.01

    The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML,…