Wordpress Plugin Catch Themes Demo Import RCE
Disclosed |
---|
2021-10-21 |
Description
The Wordpress Plugin Catch Themes Demo Import versions arbitrary file uploads via the import functionality found in the
~/inc/CatchThemesDemoImport.php file, due to insufficient file type validation.
Re-exploitation may require rebooting the server or waiting out an arbitrary timeout.
During testing, this timeout was roughly 5 minutes.
