[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftIZ-xo7cnTa3TyfMVe7ZlmPbBYzJPWrjZ63XWP4qEWA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-0440","catch-themes-demo-import-authenticated-admin-arbitrary-file-upload","Catch Themes Demo Import \u003C= 2.1 - Authenticated (Admin+) Arbitrary File Upload","The Catch Themes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.1. This is due to insufficient file type validation on imported files that makes it possible for high-level authenticated users, such as administrators, to upload arbitrary files onto a vulnerable site's server and gain remote code execution. This would only affect installations where admins have been restricted from uploading\u002Fmodifying files to a site.","catch-themes-demo-import",null,"\u003C2.1.1","2.1.1","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2022-02-07 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc7f10f62-98cf-4629-9a48-59a42490276d?source=api-prod",715]