Skip to main content

Catch Themes Demo Import

4 CVEs product

Monthly

CVE-2026-15336 MEDIUM This Month

Missing authorization in the Catch Themes Demo Import WordPress plugin (versions up to and including 3.3) allows any subscriber-level authenticated user to force-install a hardcoded third-party plugin onto the target WordPress site. The vulnerability exists because catch_themes_demo_import_activate_plugin(), hooked on admin_init, invokes Plugin_Upgrader::install() to fetch and install 'essential-content-types' from WordPress.org before performing the current_user_can('activate_plugins') capability check - a classic authorization-check inversion. No public exploit code has been identified at time of analysis, and the constrained impact (only one hardcoded plugin can be installed, not arbitrary ones) meaningfully limits real-world severity despite the low authentication requirement.

Authentication Bypass WordPress Catch Themes Demo Import
NVD VulDB
CVSS 3.1
4.3
CVE-2022-0440 HIGH POC This Week

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Catch Themes Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-39352 HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Catch Themes Demo Import
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
55.7%
CVE-2021-24752 MEDIUM POC This Month

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Catch Scroll Progress Bar Catch Sticky Menu +8
NVD WPScan
CVSS 3.1
5.7
EPSS
0.4%
CVSS 4.3
MEDIUM This Month

Missing authorization in the Catch Themes Demo Import WordPress plugin (versions up to and including 3.3) allows any subscriber-level authenticated user to force-install a hardcoded third-party plugin onto the target WordPress site. The vulnerability exists because catch_themes_demo_import_activate_plugin(), hooked on admin_init, invokes Plugin_Upgrader::install() to fetch and install 'essential-content-types' from WordPress.org before performing the current_user_can('activate_plugins') capability check - a classic authorization-check inversion. No public exploit code has been identified at time of analysis, and the constrained impact (only one hardcoded plugin can be installed, not arbitrary ones) meaningfully limits real-world severity despite the low authentication requirement.

Authentication Bypass WordPress Catch Themes Demo Import
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 56% CVSS 7.2
HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.7
MEDIUM POC This Month

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass +10
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy