Thursday, April 18, 2024

300,000+ Installations of Catch Themes WordPress Plugins Vulnerable


Security researchers at WPScan and Wordfence have identified seventeen plugins published by Catch Plugins (a division of Catch Themes, LLC) that contain vulnerabilities. The vulnerabilities are rated High and can allow an attacker to change the plugins' configuration.

Cross Site Request Forgery (CSRF)

A missing capability check (an authorization flaw, not an authentication one) combined with a Cross Site Request Forgery (CSRF) vulnerability affects 17 plugins published by Catch Themes.

These vulnerabilities allow any logged-in user, even a Subscriber, to make changes that are normally reserved for WordPress users with the highest privileges, such as the site administrator.

According to WordPress security plugin publisher WPScan:

“Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin’s configurations.”
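The two missing checks WPScan describes are easy to see side by side. The following is an added example written for this article, not code from any Catch Themes plugin: a hypothetical admin-ajax handler in the style of a `ctp_switch` action, first with only the implicit "is someone logged in" gate, then hardened. The option name `ctp_plugin_enabled`, the nonce action `ctp_switch_nonce`, the script handle and the settings-page hook suffix are assumptions for illustration.

```php
<?php
// Added example, not Catch Themes' code. Option name, nonce action, script
// handle and the settings page hook suffix are assumed for illustration.

// --- Vulnerable pattern (shown, not hooked): the only gate is "someone is logged in". ---
function ctp_switch_vulnerable() {
    // wp_ajax_* callbacks run for any authenticated user, Subscriber included.
    // Nothing asks what that user is allowed to do, and nothing ties the request
    // to a form the user actually submitted, so a cross-site POST works as well.
    $status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';
    update_option( 'ctp_plugin_enabled', $status );
    wp_send_json_success();
}

// --- Hardened handler: CSRF check, then capability check, then strict validation. ---
function ctp_switch_hardened() {
    // 1. CSRF: the nonce must have been minted for this action and this user.
    //    check_ajax_referer() ends the request (HTTP 403, body "-1") on mismatch.
    check_ajax_referer( 'ctp_switch_nonce', 'security' );

    // 2. Authorization. A nonce is not a permission check: a Subscriber who can
    //    load any page where the nonce is printed can present a valid one.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Validate rather than merely sanitize: only two states are legal.
    $status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! in_array( $status, array( 'enable', 'disable' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid status' ), 400 );
    }

    update_option( 'ctp_plugin_enabled', 'enable' === $status );
    wp_send_json_success( array( 'status' => $status ) );
}
add_action( 'wp_ajax_ctp_switch', 'ctp_switch_hardened' );
// Deliberately no wp_ajax_nopriv_ctp_switch hook: unauthenticated callers get nothing.

// The nonce the handler expects is only handed to the plugin's own settings page,
// so it is never printed into pages that low-privileged users can load.
function ctp_admin_assets( $hook_suffix ) {
    if ( 'settings_page_ctp-options' !== $hook_suffix ) { // assumed settings page hook
        return;
    }
    wp_enqueue_script( 'ctp-admin', plugins_url( 'js/admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'ctp-admin', 'ctpAjax', array(
        'url'      => admin_url( 'admin-ajax.php' ),
        'security' => wp_create_nonce( 'ctp_switch_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'ctp_admin_assets' );
```

The accompanying admin script would POST `action=ctp_switch`, `security=<nonce>` and `status=enable|disable` to `admin-ajax.php`. The order of the checks matters less than their presence: the nonce defeats the cross-site request, and `current_user_can()` is what actually stops the Subscriber, since any user who can obtain a nonce can replay it from their own browser.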

Wordfence Reports Vulnerability in Catch Themes Demo Import WordPress Plugin

Wordfence also published a notice about a critical vulnerability discovered in one of these plugins, Catch Themes Demo Import (versions up to and including 1.7).

The Catch Themes Demo Import WordPress plugin was found to have an Arbitrary File Upload vulnerability.

The two sources score this vulnerability differently. Wordfence rated it 9.1 out of 10 on the CVSS scale and described it as Critical, while the US government's National Vulnerability Database lists it (CVE-2021-39352) at 7.2 (High). Wordfence's advisory title also labels it "Admin+", meaning the upload is only reachable by an account with administrator-level privileges, which limits who can exploit it directly.

According to Wordfence:

“The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation”

Wordfence recommends upgrading to version 1.8 or newer.
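"Insufficient file type validation" in an import feature usually means the handler trusts whatever name and content the browser sent. The following is an added example written for this article, not the Demo Import plugin's code: a demo-import upload handler with that weakness, next to a hardened version that allow-lists the formats the importer actually parses and parses them before trusting the file. The nonce action `ctdi_import`, the `ctdi_nonce` field, the `demo_file` input and the function names are assumptions.

```php
<?php
// Added example, not the Catch Themes Demo Import plugin's code. Nonce action,
// field names and the 'demo_file' input are hypothetical.

// --- Vulnerable pattern: type and name come from the client and are never checked. ---
function ctdi_import_vulnerable() {
    // Whatever was posted (demo.xml, or shell.php) lands in the uploads tree under
    // its original name, where the web server will happily execute a .php file.
    $upload_dir = wp_upload_dir();
    $dest       = trailingslashit( $upload_dir['basedir'] ) . basename( $_FILES['demo_file']['name'] );
    move_uploaded_file( $_FILES['demo_file']['tmp_name'], $dest );
    return $dest;
}

// Server-chosen name for the stored file: the client's filename is never reused.
// $ext arrives from wp_unique_filename() with its leading dot, e.g. ".xml".
function ctdi_random_name( $dir, $name, $ext ) {
    return 'demo-import-' . wp_generate_password( 16, false ) . $ext;
}

// --- Hardened: authorize, allow-list by extension AND detected type, parse, then store. ---
function ctdi_import_hardened() {
    check_admin_referer( 'ctdi_import', 'ctdi_nonce' );
    if ( ! current_user_can( 'import' ) ) {
        wp_die( esc_html__( 'Forbidden', 'ctdi' ), '', array( 'response' => 403 ) );
    }
    if ( empty( $_FILES['demo_file'] ) || UPLOAD_ERR_OK !== $_FILES['demo_file']['error'] ) {
        wp_die( esc_html__( 'No file uploaded', 'ctdi' ), '', array( 'response' => 400 ) );
    }
    $file = $_FILES['demo_file'];

    // Only the formats this importer knows how to read, with their MIME types.
    $allowed = array(
        'xml'  => 'text/xml',
        'json' => 'application/json',
    );

    // 1. Extension must be in $allowed and, where PHP's fileinfo can detect it,
    //    must agree with the file's real type. "shell.php" and "shell.php.xml"
    //    that is really PHP both fail here.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( esc_html__( 'Unsupported file type', 'ctdi' ), '', array( 'response' => 415 ) );
    }

    // 2. Parse the content as the format it claims to be before doing anything with it.
    $raw = file_get_contents( $file['tmp_name'] );
    if ( 'json' === $check['ext'] ) {
        json_decode( $raw, true );
        if ( JSON_ERROR_NONE !== json_last_error() ) {
            wp_die( esc_html__( 'Malformed JSON', 'ctdi' ), '', array( 'response' => 400 ) );
        }
    } else {
        // LIBXML_NONET blocks network fetches; LIBXML_NOENT is intentionally NOT set,
        // since entity substitution is what turns an import file into an XXE vector.
        $prev = libxml_use_internal_errors( true );
        $doc  = simplexml_load_string( $raw, 'SimpleXMLElement', LIBXML_NONET );
        libxml_use_internal_errors( $prev );
        if ( false === $doc ) {
            wp_die( esc_html__( 'Malformed XML', 'ctdi' ), '', array( 'response' => 400 ) );
        }
    }

    // 3. Let WordPress move the file with the same restricted type list and a
    //    random server-side name. The file is still in the uploads tree, but it
    //    can only ever be .xml or .json.
    $moved = wp_handle_upload( $file, array(
        'test_form'                => false,
        'mimes'                    => $allowed,
        'unique_filename_callback' => 'ctdi_random_name',
    ) );
    if ( isset( $moved['error'] ) ) {
        wp_die( esc_html( $moved['error'] ), '', array( 'response' => 400 ) );
    }
    return $moved['file'];
}
```

`wp_handle_upload()` repeats the extension and MIME check internally when given a `mimes` override, so the explicit `wp_check_filetype_and_ext()` call is there to fail fast before the file is read and parsed. The parse step is what distinguishes "looks like XML" from "is the WXR document the importer expects"; a type check alone does not tell you what is inside the file.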

Vulnerabilities Discovered in Seventeen Catch Themes WordPress Plugins

WPScan lists seventeen Catch Themes WordPress plugins that were found to have vulnerabilities. All seventeen were disclosed to the plugin publisher and have been fixed.

Over 300,000 Installations Affected

Many of the seventeen plugins are highly popular.

These are the top 10 most popular Catch Themes plugins, with the number of installations listed next to each.

Ten Most Popular Vulnerable Catch Themes Plugins

  1. To Top – 80,000 Installations
  2. Essential Content Types – 50,000 Installations
  3. Catch IDs – 40,000 Installations
  4. Catch Web Tools – 20,000 Installations
  5. Social Gallery and Widget – 20,000 Installations
  6. Catch Infinite Scroll – 20,000 Installations
  7. Catch Gallery – 20,000 Installations
  8. Essential Widgets – 20,000 Installations
  9. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget) – 20,000 Installations
  10. Catch Themes Demo Import – 10,000 Installations

Seventeen Vulnerable Catch Themes Plugins

These are the seventeen plugins reported by WPScan to have a vulnerability that was subsequently patched, with the first fixed version of each:

  1. Essential Widgets
    Fixed in version 1.9
  2. To Top
    Fixed in version 2.3
  3. Header Enhancement
    Fixed in version 1.5
  4. Generate Child Theme
    Fixed in version 1.6
  5. Essential Content Types
    Fixed in version 1.9
  6. Catch Web Tools
    Fixed in version 2.7
  7. Catch Under Construction
    Fixed in version 1.4
  8. Catch Themes Demo Import
    Fixed in version 1.6 (this is the ctp_switch issue; the separate arbitrary file upload flaw reported by Wordfence is fixed in 1.8)
  9. Catch Sticky Menu
    Fixed in version 1.7
  10. Catch Scroll Progress Bar
    Fixed in version 1.6
  11. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget)
    Fixed in version 2.3
  12. Catch Infinite Scroll
    Fixed in version 1.9
  13. Catch Import Export
    Fixed in version 1.9
  14. Catch Gallery
    Fixed in version 1.7
  15. Catch Duplicate Switcher
    Fixed in version 1.6
  16. Catch Breadcrumb
    Fixed in version 1.7
  17. Catch IDs
    Fixed in version 2.4

Users Advised to Update to the Latest Plugin Versions

Publishers who use any of the affected Catch Themes plugins and want to avoid the consequences of running vulnerable versions should upgrade to the latest versions of the plugins, which are available now.

Failing to do so leaves the site needlessly exposed to compromise.
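On a site with several of these plugins installed, checking each one by hand against the fixed-version list above is error-prone. The following is an added audit script written for this article, not something published by the article's author, WPScan or Catch Themes. It reads the JSON that `wp plugin list --format=json --fields=name,version,status` prints and flags every listed plugin below its minimum safe version. The plugin slugs are assumed from the plugin names and should be checked against the `name` column of that command; the sample input at the bottom is constructed.

```php
<?php
// Added audit script, not from the article, WPScan or Catch Themes. Input is
// the JSON array that `wp plugin list --format=json --fields=name,version,status`
// prints. Slugs are assumed from the plugin names; verify against `wp plugin list`.

// Minimum safe version per plugin, taken from the WPScan list in the article.
// For Catch Themes Demo Import the bar is Wordfence's 1.8 (file upload fix),
// which is higher than WPScan's 1.6 (ctp_switch fix).
const CATCH_MIN_SAFE = array(
    'essential-widgets'                   => '1.9',
    'to-top'                              => '2.3',
    'header-enhancement'                  => '1.5',
    'generate-child-theme'                => '1.6',
    'essential-content-types'             => '1.9',
    'catch-web-tools'                     => '2.7',
    'catch-under-construction'            => '1.4',
    'catch-themes-demo-import'            => '1.8',
    'catch-sticky-menu'                   => '1.7',
    'catch-scroll-progress-bar'           => '1.6',
    'catch-instagram-feed-gallery-widget' => '2.3',
    'catch-infinite-scroll'               => '1.9',
    'catch-import-export'                 => '1.9',
    'catch-gallery'                       => '1.7',
    'catch-duplicate-switcher'            => '1.6',
    'catch-breadcrumb'                    => '1.7',
    'catch-ids'                           => '2.4',
);

/**
 * Return one finding per installed Catch plugin whose version is below the
 * minimum safe version. Inactive plugins are reported as well: the vulnerable
 * code is still on disk and becomes live the moment someone activates it.
 */
function ctp_audit( string $json ): array {
    $plugins = json_decode( $json, true );
    if ( ! is_array( $plugins ) ) {
        throw new InvalidArgumentException( 'Expected the JSON array printed by wp plugin list' );
    }
    $findings = array();
    foreach ( $plugins as $p ) {
        $slug    = $p['name'] ?? '';
        $version = $p['version'] ?? '0';
        if ( ! isset( CATCH_MIN_SAFE[ $slug ] ) ) {
            continue; // not one of the seventeen
        }
        // version_compare() understands "1.7" vs "1.10" correctly; string
        // comparison would not.
        if ( version_compare( $version, CATCH_MIN_SAFE[ $slug ], '<' ) ) {
            $findings[] = sprintf(
                '%s %s (%s): vulnerable, update to %s or later',
                $slug,
                $version,
                $p['status'] ?? 'unknown',
                CATCH_MIN_SAFE[ $slug ]
            );
        }
    }
    return $findings;
}

// Constructed sample standing in for real WP-CLI output: two outdated active
// plugins, one already patched, one outdated but inactive, one unrelated plugin.
$sample = '[
  {"name":"to-top","version":"2.2","status":"active"},
  {"name":"catch-themes-demo-import","version":"1.7","status":"active"},
  {"name":"catch-ids","version":"2.4","status":"active"},
  {"name":"catch-gallery","version":"1.6","status":"inactive"},
  {"name":"akismet","version":"4.2.1","status":"active"}
]';

// Usage: php audit.php plugins.json   (falls back to the sample when no file is given)
$json = isset( $argv[1] ) ? file_get_contents( $argv[1] ) : $sample;
foreach ( ctp_audit( $json ) as $line ) {
    echo $line, PHP_EOL;
}
```

Generate the input with `wp plugin list --format=json --fields=name,version,status > plugins.json`, then fix what the script reports with `wp plugin update <slug>` for each finding. The sample run reports `to-top`, `catch-themes-demo-import` and `catch-gallery`; `catch-ids` is already at its fixed version and `akismet` is not in scope.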

Citations

Read the WPScan Advisory on Catch Themes Plugins

A number of Plugins from CatchThemes – Unauthorised Plugin’s Setting Change

Wordfence Advisory of Catch Themes Plugin

Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

National Vulnerability Database Catch Themes Plugins Advisories

Catch Themes Demo Import WordPress plugin vulnerability CVE-2021-39352 Detail

National Vulnerability Database Listing of Multiple Catch Themes Plugins Vulnerabilities
