CVE-2021-39352 : The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file up

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

Published 2021-10-21 20:15:08

Updated 2022-02-28 14:59:34

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2021-39352

Catchplugins » Catch Themes Demo Import » For Wordpress
Versions up to, including, (<=) 1.7
cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-39352

EPSS FAQ

83.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-39352

Wordpress Plugin Catch Themes Demo Import RCE

Disclosure Date: 2021-10-21

First seen: 2022-12-23

exploit/multi/http/wp_catch_themes_demo_import

The Wordpress Plugin Catch Themes Demo Import versions < 1.8 are vulnerable to authenticated arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, due to insufficient file type validation. Re-exploitation may n

More information

CVSS scores for CVE-2021-39352

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-39352

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Assigned by:
- nvd@nist.gov (Secondary)
- security@wordfence.com (Primary)

References for CVE-2021-39352

https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352

Exploits/Wordpress/CVE-2021-39352 at main · Hacker5preme/Exploits · GitHub
Exploit;Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352

Vulnerability Advisories - Wordfence
Third Party Advisory
https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md

word-press/Catch Themes Demo Import.md at main · BigTiger2020/word-press · GitHub
Exploit;Third Party Advisory
http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html

WordPress Catch Themes Demo Import Shell Upload ≈ Packet Storm
Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html

WordPress Catch Themes Demo Import 1.6.1 Shell Upload ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php

Changeset 2617555 for catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php – WordPress Plugin Repository
Patch;Third Party Advisory
https://www.exploit-db.com/exploits/50580

Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated) - PHP webapps Exploit
Exploit;Third Party Advisory;VDB Entry

Jump to