VYPR

Crafthemes Demo Import

by WordPress

CVEs (4)

  • CVE-2021-39352 | High | Oct 21, 2021
    risk 0.54 | cvss 7.2 | epss 0.56

    The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an…

  • CVE-2024-9698 | High | Dec 14, 2024
    risk 0.51 | cvss 7.2 | epss 0.02

    The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with…

  • CVE-2024-34800 | High | Jun 10, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through <= 3.3.

  • CVE-2022-0440 | High | Mar 7, 2022
    risk 0.47 | cvss 7.2 | epss 0.01

    The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML,…