PT-2021-22558 · WordPress · Catch Themes Demo Import

Published: 2021-10-21 · Updated: 2022-02-28 · CVE-2021-39352
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Catch Themes Demo Import WordPress plugin versions up to and including 1.7
Description: The import functionality in the plugin's ~/inc/CatchThemesDemoImport.php file does not sufficiently validate the type of uploaded files. An attacker with administrative privileges can therefore upload arbitrary files, including server-side scripts, which can lead to remote code execution.
Recommendations: For versions up to and including 1.7, disable the import functionality in the ~/inc/CatchThemesDemoImport.php file as a temporary workaround until a patch is available, restrict access to the import functionality to the accounts that need it, and avoid using it until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
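For comparison with the weak validation the description refers to, the following is an added example of how an admin-side WordPress import upload handler can enforce the file-type check; it is not the plugin's code, and the function names, nonce action, upload field name and the allowed import formats are assumptions.

```php
<?php
// Added example (not the plugin's code): an admin-side WordPress import
// upload handler that validates file type before touching the filesystem.
// Function names, the nonce action and the allowed formats are assumptions.

function demo_import_handle_upload(): void {
    // An import must be an intentional admin action: capability + nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_import_upload' ); // dies on a missing/bad nonce

    if ( empty( $_FILES['import_file'] ) || UPLOAD_ERR_OK !== $_FILES['import_file']['error'] ) {
        wp_die( 'No file uploaded.' );
    }
    $file = $_FILES['import_file'];

    // Allowlist of what an import may be. The weak pattern behind the advisory
    // is accepting whatever name/Content-Type the client supplies; here anything
    // outside this list (php, phtml, html, ...) is refused.
    $allowed = array( 'xml' => 'text/xml', 'json' => 'application/json' );

    // wp_check_filetype_and_ext() checks the extension against the allowlist and,
    // where it can, the real MIME type of the content; both are false on failure.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( false === $check['ext'] || false === $check['type'] ) {
        wp_die( 'Import files must be .xml or .json.' );
    }

    // Store under uploads with a server-generated name, never the client's,
    // so path components or double extensions in the name cannot matter.
    $target_dir = trailingslashit( wp_upload_dir()['basedir'] ) . 'demo-import';
    wp_mkdir_p( $target_dir );
    $dest = $target_dir . '/' . wp_generate_password( 16, false ) . '.' . $check['ext'];
    if ( ! move_uploaded_file( $file['tmp_name'], $dest ) ) {
        wp_die( 'Could not store the import file.' );
    }

    // Parse strictly; a file that is not well-formed import data is discarded.
    $data = ( 'json' === $check['ext'] )
        ? json_decode( file_get_contents( $dest ), true )
        : simplexml_load_file( $dest, 'SimpleXMLElement', LIBXML_NONET );
    if ( null === $data || false === $data ) {
        unlink( $dest );
        wp_die( 'Import file is not valid ' . strtoupper( $check['ext'] ) . '.' );
    }
    // ... hand $data to the importer (assumed) from here.
}
add_action( 'admin_post_demo_import_upload', 'demo_import_handle_upload' );
```

The allowlist should name only the formats the importer actually parses; extending it to archives or images reopens the class of problem the advisory describes unless those are inspected as strictly.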

Exploit · RCE · Unrestricted File Upload


Weakness Enumeration
Related Identifiers: CVE-2021-39352
Affected Products: Catch Themes Demo Import