CVE-2022-0440

7.2 HIGH

📋 TL;DR

This vulnerability in the Catch Themes Demo Import WordPress plugin allows authenticated administrators to upload arbitrary PHP files, leading to remote code execution. It affects WordPress sites running vulnerable plugin versions, including those with the WordPress file-hardening constants enabled. Administrator privileges are required to exploit it.

💻 Affected Systems

Products:
  • Catch Themes Demo Import WordPress Plugin
Versions: All versions before 2.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable even with WordPress hardening constants DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT, and DISALLOW_FILE_MODS set to true.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise, with the attacker gaining full control over the WordPress installation and potentially the underlying server through arbitrary PHP file upload and execution.

🟠 Likely Case

Administrator account compromise leading to website defacement, data theft, or installation of backdoors and malware.

🟢 If Mitigated

Limited impact if proper access controls restrict administrator accounts and file uploads are monitored, though the RCE potential remains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator privileges. Public proof-of-concept exists via WPScan references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1

Vendor Advisory: https://wpscan.com/vulnerability/2239095f-8a66-4a5d-ab49-1662a40fddf1

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Catch Themes Demo Import' plugin.
4. Update to version 2.1.1 or later.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily disable the Catch Themes Demo Import plugin until patched.

wp plugin deactivate catch-themes-demo-import

Restrict administrator access (applies to: all)

Implement strict access controls and monitoring for administrator accounts.

🧯 If You Can't Patch

  • Remove administrator privileges from untrusted users
  • Implement web application firewall rules to block PHP file uploads through the plugin

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'Catch Themes Demo Import' version lower than 2.1.1.

Check Version:

wp plugin get catch-themes-demo-import --field=version

Verify Fix Applied:

Confirm plugin version is 2.1.1 or higher in WordPress admin panel.
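As an added example (not part of this advisory), a POSIX shell check that classifies the version string returned by `wp plugin get catch-themes-demo-import --field=version` against the fixed release 2.1.1, handling multi-digit components such as 2.0.10 correctly and refusing to guess on empty or non-numeric output. The only assumption is that wp-cli is installed on the host being checked; the demo loop runs on constructed sample versions.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify an installed
# Catch Themes Demo Import version against the fixed release 2.1.1
# using only POSIX sh, cut and printf (no dependency on sort -V).

FIXED_VERSION="2.1.1"

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B.
# Dotted numeric components are compared left to right; a missing
# component counts as 0, so "2.1" equals "2.1.0".
vercmp() {
    i=1
    while :; do
        # Append a dot so cut always sees a delimiter, even for "3".
        x=$(printf '%s.\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s.\n' "$2" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then echo 0; return; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        i=$((i + 1))
    done
}

# is_vulnerable VERSION: print yes, no or unknown.
# Anything that is not plain digits and dots (empty output from a
# failed wp-cli call, a "-beta" suffix) is reported as unknown rather
# than silently treated as a release number.
is_vulnerable() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) echo unknown; return 0 ;;
    esac
    if [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone demo on constructed sample versions (no WordPress needed).
for v in 1.9.2 2.0.10 2.1.0 2.1.1 2.1.10 2.2; do
    printf '%-8s vulnerable=%s\n' "$v" "$(is_vulnerable "$v")"
done

# Live check on a real site; uncomment where wp-cli is available:
# is_vulnerable "$(wp plugin get catch-themes-demo-import --field=version)"
```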

📡 Detection & Monitoring

Log Indicators:

  • Unusual PHP file uploads via plugin endpoints
  • Administrator account performing unexpected import operations

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with demo import actions
  • Unexpected file uploads with .php extensions

SIEM Query:

source="wordpress.log" AND "catch-themes-demo-import" AND "import" AND ".php"
