PT-2021-16253 · Catch Themes · Catch Gallery+12

Apple502J · Published 2021-10-18 · Updated 2022-10-25 · CVE-2021-24752

CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Essential Widgets WordPress plugin versions prior to 1.9
To Top WordPress plugin versions prior to 2.3
Header Enhancement WordPress plugin versions prior to 1.5
Generate Child Theme WordPress plugin versions prior to 1.6
Essential Content Types WordPress plugin versions prior to 1.9
Catch Web Tools WordPress plugin versions prior to 2.7
Catch Under Construction WordPress plugin versions prior to 1.4
Catch Themes Demo Import WordPress plugin versions prior to 1.6
Catch Sticky Menu WordPress plugin versions prior to 1.7
Catch Scroll Progress Bar WordPress plugin versions prior to 1.6
Social Gallery and Widget WordPress plugin versions prior to 2.3
Catch Infinite Scroll WordPress plugin versions prior to 1.9
Catch Import Export WordPress plugin versions prior to 1.9
Catch Gallery WordPress plugin versions prior to 1.7
Catch Duplicate Switcher WordPress plugin versions prior to 1.6
Catch Breadcrumb WordPress plugin versions prior to 1.7
Catch IDs WordPress plugin versions prior to 2.4
Description: Multiple plugins from the CatchThemes vendor do not perform capability or CSRF (nonce) checks in the ctp switch AJAX action. Because WordPress exposes admin-ajax.php actions to every logged-in user, this could allow any authenticated user, such as a subscriber, to change the configuration of the affected plugins, and a CSRF request could trigger the same change through an administrator's browser.
Recommendations: Update each affected plugin to its fixed version or later:
Essential Widgets: update to version 1.9 or later.
To Top: update to version 2.3 or later.
Header Enhancement: update to version 1.5 or later.
Generate Child Theme: update to version 1.6 or later.
Essential Content Types: update to version 1.9 or later.
Catch Web Tools: update to version 2.7 or later.
Catch Under Construction: update to version 1.4 or later.
Catch Themes Demo Import: update to version 1.6 or later.
Catch Sticky Menu: update to version 1.7 or later.
Catch Scroll Progress Bar: update to version 1.6 or later.
Social Gallery and Widget: update to version 2.3 or later.
Catch Infinite Scroll: update to version 1.9 or later.
Catch Import Export: update to version 1.9 or later.
Catch Gallery: update to version 1.7 or later.
Catch Duplicate Switcher: update to version 1.6 or later.
Catch Breadcrumb: update to version 1.7 or later.
Catch IDs: update to version 2.4 or later.
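The weakness class described above, as an added example that is not code from the affected plugins: a WordPress AJAX handler that toggles a plugin option with no capability or nonce check, next to the hardened form that fails closed. The action name `demo_switch`, the nonce action string, the option name and the script handle are assumptions chosen for illustration.

```php
<?php
// Added example, not the vendor's code. All hook, option and handle names are assumed.

// Vulnerable pattern: wp_ajax_* handlers are reachable by every logged-in user, and
// nothing here verifies authorization (capability) or request origin (nonce), so a
// subscriber, or a cross-site request riding on an admin's session, can flip the option.
/* add_action( 'wp_ajax_demo_switch', 'demo_switch_vulnerable' ); // shown for contrast only */
function demo_switch_vulnerable() {
    $enabled = isset( $_POST['enabled'] ) && '1' === $_POST['enabled'];
    update_option( 'demo_plugin_enabled', $enabled ); // assumed option name
    wp_send_json_success( array( 'enabled' => $enabled ) );
}

// Hardened pattern: check the nonce (CSRF) and the capability (authorization) before
// touching any state. Both are required: a nonce alone does not stop a low-privileged
// user who can legitimately obtain one from a page they are allowed to view.
add_action( 'wp_ajax_demo_switch', 'demo_switch_hardened' );
function demo_switch_hardened() {
    // check_ajax_referer() terminates the request with -1 when the nonce is missing or stale.
    check_ajax_referer( 'demo_switch_nonce', 'nonce' );

    // Settings changes are an administrator operation; reject anyone without manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $enabled = isset( $_POST['enabled'] ) && '1' === $_POST['enabled'];
    update_option( 'demo_plugin_enabled', $enabled );
    wp_send_json_success( array( 'enabled' => $enabled ) );
}

// The admin-side script must send the nonce created with the same action string.
// 'demo-admin' is an assumed script handle registered elsewhere with wp_register_script().
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'demo-admin', 'demoSwitch', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_switch_nonce' ),
    ) );
} );
```

When auditing a plugin for this bug class, look for every `wp_ajax_` registration (as opposed to `wp_ajax_nopriv_`) whose callback writes options or posts without a `current_user_can()` and `check_ajax_referer()` pair near the top.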

Weakness Enumeration: Improper Access Control, CSRF

Related Identifiers: CVE-2021-24752

Affected Products:

Catch Breadcrumb
Catch Duplicate Switcher
Catch Gallery
Catch Ids
Catch Import Export
Catch Infinite Scroll
Catch Scroll Progress Bar
Catch Sticky Menu
Catch Themes Demo Import
Catch Under Construction
Catch Web Tools
Essential Content Types
Essential Widgets