Security researchers at WPScan and Wordfence have identified seventeen plugins published Catch Plugins (a division of Catch Themes, LLC) that have vulnerabilities. These vulnerabilities are rated as high and can result in an attacker being able to change the plugin configurations.
A user authentication exploit (lacking a capability check) and a Cross Site Request Forgery (CSRF) vulnerability are affecting 17 plugins published by Catch Themes.
These vulnerabilities allow any logged-in user, even a subscriber, to perform changes that are usually reserved for WordPress users with the highest editing privileges, like the administrator of the website.
According to WordPress security plugin publisher WPScan:
Advertisement
Continue Reading Below
“Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin’s configurations.”
Wordfence published a notice about a critical vulnerability discovered in one of these plugins as well, the Catch Themes Demo Import (versions up to and including version 1.7).
The Catch Themes Demo Import WordPress plugin was found to have an Arbitrary File Upload Vulnerability.
It’s unclear how severe this specific vulnerability is. The vulnerability was rated by Wordfence as 9.1 on a scale of 1 – 10 and described as Critical. However, the vulnerability was listed on the US government National Vulnerability Database with a rating of 7.2 (High).
Advertisement
Continue Reading Below
According to Wordfence:
“The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation”
Wordfence recommends upgrading to version 1.8, or newer.
WPScan lists seventeen Catch Themes WordPress plugins that were discovered to have vulnerabilities. All seventeen were disclosed to the plugin publisher and have been fixed.
Many of the seventeen plugins are highly popular.
These are the top 10 most popular Catch Themes plugins, with the number of installations listed next to them.
These are the seventeen plugins reported by WPScan to have a vulnerability that was subsequently patched:
Advertisement
Continue Reading Below
Publishers who use the affected Catch Themes plugins who wish to avoid unintended consequences from using vulnerable versions of those plugins should consider upgrading to the very latest versions of the plugins now available.
Failure to do so may lead to unnecessary exposure to a hacking event.
Multiple Plugins from CatchThemes – Unauthorised Plugin’s Setting Change
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
Catch Themes Demo Import WordPress plugin vulnerability CVE-2021-39352 Detail
Advertisement
Continue Reading Below
National Vulnerability Database Listing of Multiple Catch Themes Plugins Vulnerabilities
Google Ads, Shopping Ads, Admob, and other Google Ads products will soon disallow deepfake sexual…
Google's John Mueller responded to some questions around why sites hurt by the September 2023…
In the past month, in Google-land, we have spoken a lot about the March 2024…
A couple of weeks ago Forbes blocked its coupons directory on its website from being…
Google Ads will automatically pause low-activity keywords starting in June 2024. That means campaigns with…
Over the past week or so, I've seen two signals that OpenAI will launch its…
This website uses cookies.
Leave a Comment