CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
catchpluginscatch_themes_demo_import
𝑥
< 2.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1
https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1