cvelistv5 - cve-2021-39352

CVE-2021-39352 (GCVE-0-2021-39352)

Vulnerability from cvelistv5 – Published: 2021-10-21 19:38 – Updated: 2025-02-14 17:54

Summary

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

Wordfence

References

URL

Tags

	https://www.wordfence.com/vulnerability-advisorie…	x_refsource_MISC
	https://plugins.trac.wordpress.org/changeset/2617…	x_refsource_MISC
	https://github.com/BigTiger2020/word-press/blob/m…	x_refsource_MISC
	http://packetstormsecurity.com/files/165207/WordP…	x_refsource_MISC
	http://packetstormsecurity.com/files/165463/WordP…	x_refsource_MISC
	https://github.com/Hacker5preme/Exploits/tree/mai…	x_refsource_MISC
	https://www.exploit-db.com/exploits/50580	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Catch Themes Demo Import	Catch Themes Demo Import	Affected: 1.7 , ≤ 1.7 (custom)

Credits

Thinkland Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:06:42.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/50580"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-39352",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T17:54:22.717837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T17:54:38.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Catch Themes Demo Import",
          "vendor": "Catch Themes Demo Import",
          "versions": [
            {
              "lessThanOrEqual": "1.7",
              "status": "affected",
              "version": "1.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thinkland Security Team"
        }
      ],
      "datePublic": "2021-10-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T19:23:47.000Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/50580"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to version 1.7 or newer."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Wordfence",
          "ASSIGNER": "security@wordfence.com",
          "DATE_PUBLIC": "2021-10-21T16:05:00.000Z",
          "ID": "CVE-2021-39352",
          "STATE": "PUBLIC",
          "TITLE": "Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Catch Themes Demo Import",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.7",
                            "version_value": "1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Catch Themes Demo Import"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thinkland Security Team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
              "refsource": "MISC",
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
            },
            {
              "name": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md",
              "refsource": "MISC",
              "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
            },
            {
              "name": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
            },
            {
              "name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352",
              "refsource": "MISC",
              "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
            },
            {
              "name": "https://www.exploit-db.com/exploits/50580",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/50580"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to version 1.7 or newer."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2021-39352",
    "datePublished": "2021-10-21T19:38:41.649Z",
    "dateReserved": "2021-08-20T00:00:00.000Z",
    "dateUpdated": "2025-02-14T17:54:38.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.7\", \"matchCriteriaId\": \"20DC7E5C-982B-40B5-A83E-90A93FF16CEC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.\"}, {\"lang\": \"es\", \"value\": \"El plugin Catch Themes Demo Import de WordPress es vulnerable a una carga de archivos arbitrarios por medio de la funcionalidad import que se encuentra en el archivo ~/inc/CatchThemesDemoImport.php, en versiones hasta la 1.7 incluy\\u00e9ndola, debido a una comprobaci\\u00f3n insuficiente del tipo de archivo. Esto hace posible que un atacante con privilegios administrativos cargue archivos maliciosos que pueden ser usados para lograr una ejecuci\\u00f3n de c\\u00f3digo remota\"}]",
      "id": "CVE-2021-39352",
      "lastModified": "2024-11-21T06:19:23.133",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-10-21T20:15:08.060",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"source\": \"security@wordfence.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"source\": \"security@wordfence.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"source\": \"security@wordfence.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"source\": \"security@wordfence.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"source\": \"security@wordfence.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50580\", \"source\": \"security@wordfence.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"source\": \"security@wordfence.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50580\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@wordfence.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-39352\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2021-10-21T20:15:08.060\",\"lastModified\":\"2024-11-21T06:19:23.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.\"},{\"lang\":\"es\",\"value\":\"El plugin Catch Themes Demo Import de WordPress es vulnerable a una carga de archivos arbitrarios por medio de la funcionalidad import que se encuentra en el archivo ~/inc/CatchThemesDemoImport.php, en versiones hasta la 1.7 incluy\u00e9ndola, debido a una comprobaci\u00f3n insuficiente del tipo de archivo. Esto hace posible que un atacante con privilegios administrativos cargue archivos maliciosos que pueden ser usados para lograr una ejecuci\u00f3n de c\u00f3digo remota\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.7\",\"matchCriteriaId\":\"20DC7E5C-982B-40B5-A83E-90A93FF16CEC\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\",\"source\":\"security@wordfence.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/50580\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/50580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50580\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T02:06:42.231Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-39352\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-14T17:54:22.717837Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-14T17:54:15.353Z\"}}], \"cna\": {\"title\": \"Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Thinkland Security Team\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Catch Themes Demo Import\", \"product\": \"Catch Themes Demo Import\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.7\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to version 1.7 or newer.\"}], \"datePublic\": \"2021-10-21T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/50580\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2022-02-07T19:23:47.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Thinkland Security Team\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"1.7\", \"version_value\": \"1.7\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Catch Themes Demo Import\"}]}, \"vendor_name\": \"Catch Themes Demo Import\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Update to version 1.7 or newer.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"name\": \"https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352\", \"refsource\": \"MISC\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"name\": \"https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"name\": \"https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"name\": \"http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"name\": \"http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"name\": \"https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/50580\", \"name\": \"https://www.exploit-db.com/exploits/50580\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-39352\", \"AKA\": \"Wordfence\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload\", \"ASSIGNER\": \"security@wordfence.com\", \"DATE_PUBLIC\": \"2021-10-21T16:05:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-39352\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-14T17:54:38.315Z\", \"dateReserved\": \"2021-08-20T00:00:00.000Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2021-10-21T19:38:41.649Z\", \"assignerShortName\": \"Wordfence\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-P6RQ-PRCM-F9FW

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-39352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.",
  "id": "GHSA-p6rq-prcm-f9fw",
  "modified": "2022-05-24T19:18:25Z",
  "published": "2022-05-24T19:18:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39352"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50580"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-83670

Vulnerability from cnvd - Published: 2021-10-25

Title

WordPress代码问题漏洞（CNVD-2021-83670）

Description

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 插件 Catch Themes Demo Import 在 1.7 及以下版本中存在代码问题漏洞，该漏洞源于 ~/inc/CatchThemesDemoImport.php 文件中的导入功能文件类型验证不足。具有管理权限的攻击者可以上传可用于实现远程代码执行的恶意文件。

Severity

中

Patch Name

WordPress代码问题漏洞（CNVD-2021-83670）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-39352

Impacted products

Name
WordPress Catch Themes Demo Import <=1.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-39352"
    }
  },
  "description": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\n\nWordPress \u63d2\u4ef6 Catch Themes Demo Import \u5728 1.7 \u53ca\u4ee5\u4e0b\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e ~/inc/CatchThemesDemoImport.php \u6587\u4ef6\u4e2d\u7684\u5bfc\u5165\u529f\u80fd\u6587\u4ef6\u7c7b\u578b\u9a8c\u8bc1\u4e0d\u8db3\u3002\u5177\u6709\u7ba1\u7406\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4e0a\u4f20\u53ef\u7528\u4e8e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u7684\u6076\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-83670",
  "openTime": "2021-10-25",
  "patchDescription": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\r\n\r\nWordPress \u63d2\u4ef6 Catch Themes Demo Import \u5728 1.7 \u53ca\u4ee5\u4e0b\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e ~/inc/CatchThemesDemoImport.php \u6587\u4ef6\u4e2d\u7684\u5bfc\u5165\u529f\u80fd\u6587\u4ef6\u7c7b\u578b\u9a8c\u8bc1\u4e0d\u8db3\u3002\u5177\u6709\u7ba1\u7406\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4e0a\u4f20\u53ef\u7528\u4e8e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u7684\u6076\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2021-83670\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Catch Themes Demo Import \u003c=1.7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-39352",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-25",
  "title": "WordPress\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2021-83670\uff09"
}

GSD-2021-39352

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-39352

Aliases

CVE-2021-39352

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-39352",
    "description": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.",
    "id": "GSD-2021-39352",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-39352"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-39352"
      ],
      "details": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.",
      "id": "GSD-2021-39352",
      "modified": "2023-12-13T01:23:15.229751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "Wordfence",
        "ASSIGNER": "security@wordfence.com",
        "DATE_PUBLIC": "2021-10-21T16:05:00.000Z",
        "ID": "CVE-2021-39352",
        "STATE": "PUBLIC",
        "TITLE": "Catch Themes Demo Import \u003c= 1.7 Admin+ Arbitrary File Upload"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Catch Themes Demo Import",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.7",
                          "version_value": "1.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Catch Themes Demo Import"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Thinkland Security Team"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
            "refsource": "MISC",
            "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
          },
          {
            "name": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php",
            "refsource": "MISC",
            "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
          },
          {
            "name": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md",
            "refsource": "MISC",
            "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
          },
          {
            "name": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
          },
          {
            "name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352",
            "refsource": "MISC",
            "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
          },
          {
            "name": "https://www.exploit-db.com/exploits/50580",
            "refsource": "MISC",
            "url": "https://www.exploit-db.com/exploits/50580"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update to version 1.7 or newer. "
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@wordfence.com",
          "ID": "CVE-2021-39352"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
            },
            {
              "name": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
            },
            {
              "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
            },
            {
              "name": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
            },
            {
              "name": "https://www.exploit-db.com/exploits/50580",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/50580"
            },
            {
              "name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-02-28T14:59Z",
      "publishedDate": "2021-10-21T20:15Z"
    }
  }
}

FKIE_CVE-2021-39352

Vulnerability from fkie_nvd - Published: 2021-10-21 20:15 - Updated: 2024-11-21 06:19

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@wordfence.com	http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html	Exploit, Third Party Advisory, VDB Entry
security@wordfence.com	http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html	Third Party Advisory, VDB Entry
security@wordfence.com	https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md	Exploit, Third Party Advisory
security@wordfence.com	https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352	Exploit, Third Party Advisory
security@wordfence.com	https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php	Patch, Third Party Advisory
security@wordfence.com	https://www.exploit-db.com/exploits/50580	Exploit, Third Party Advisory, VDB Entry
security@wordfence.com	https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/50580	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352	Third Party Advisory

Impacted products

	Vendor	Product	Version
	catchplugins	catch_themes_demo_import	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "20DC7E5C-982B-40B5-A83E-90A93FF16CEC",
              "versionEndIncluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution."
    },
    {
      "lang": "es",
      "value": "El plugin Catch Themes Demo Import de WordPress es vulnerable a una carga de archivos arbitrarios por medio de la funcionalidad import que se encuentra en el archivo ~/inc/CatchThemesDemoImport.php, en versiones hasta la 1.7 incluy\u00e9ndola, debido a una comprobaci\u00f3n insuficiente del tipo de archivo. Esto hace posible que un atacante con privilegios administrativos cargue archivos maliciosos que pueden ser usados para lograr una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2021-39352",
  "lastModified": "2024-11-21T06:19:23.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security@wordfence.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-21T20:15:08.060",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50580"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165207/WordPress-Catch-Themes-Demo-Import-1.6.1-Shell-Upload.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165463/WordPress-Catch-Themes-Demo-Import-Shell-Upload.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/BigTiger2020/word-press/blob/main/Catch%20Themes%20Demo%20Import.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-39352 (GCVE-0-2021-39352)

GHSA-P6RQ-PRCM-F9FW

CNVD-2021-83670

GSD-2021-39352

FKIE_CVE-2021-39352

Tags

Sightings

Nomenclature