300,00+ Installations of Catch Themes WordPress Plugins Vulnerable via @sejournal, @martinibuster

admin

imageSecurity researchers at WPScan and Wordfence have identified seventeen plugins published Catch Plugins (a division of Catch Themes, LLC) that have vulnerabilities.These vulnerabilities are rated as high and can result in an attacker being able to change the plugin configurations.

Cross Site Request Forgery (CSRF)

A user authentication exploit (lacking a capability check) and a Cross Site Request Forgery (CSRF) vulnerability are affecting 17 plugins published by Catch Themes.

These vulnerabilities allow any logged-in user, even a subscriber, to perform changes that are usually reserved for WordPress users with the highest editing privileges, like the administrator of the website.

According to WordPress security plugin publisher WPScan:

“Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin’s configurations.”

Wordfence Reports Vulnerability in Catch Demo Import WordPress Plugin

Wordfence published a notice about a critical vulnerability discovered in one of these plugins as well, the Catch Themes Demo Import (versions up to and including version 1.7).

The Catch Themes Demo Import WordPress plugin was found to have an Arbitrary File Upload Vulnerability.

It’s unclear how severe this specific vulnerability is.The vulnerability was rated by Wordfence as 9.1 on a scale of 1 – 10 and described as Critical.However, the vulnerability was listed on the US government National Vulnerability Database with a rating of 7.2 (High).

According to Wordfence:

“The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation”

Wordfence recommends upgrading to version 1.8, or newer.

Vulnerabilities Discovered in Seventeen Catch Themes WordPress Plugins

WPScan lists seventeen Catch Themes WordPress plugins that were discovered to have vulnerabilities.All seventeen were disclosed to the plugin publisher and have been fixed.

Over 300,000 Installations Affected

Many of the seventeen plugins are highly popular.

These are the top 10 most popular Catch Themes plugins, with the number of installations listed next to them.

Ten Most Popular Vulnerable Catch Theme Plugins

– To Top – 80,000 Installations

– Essential Content Types – 50,000 Installations

– Catch IDs – 40,000 Installations

– Catch Web Tools – 20,000 Installations

– Social Gallery and Widget – 20,000 Installations

– Catch Infinite Scroll – 20,000 Installations

– Catch Gallery – 20,000 Installations

– Essential Widgets – 20,000 Installations

– Catch Instagram Feed Gallery & Widget (Social Gallery and Widget) – 20,000 Installations

– Catch Themes Demo Import – 10,000 Installations

Seventeen Catch Themes Vulnerable Plugins

These are the seventeen plugins reported by WPScan to have a vulnerability that was subsequently patched:

– Essential Widgets

Fixed in version 1.9

– To Top

Fixed in version 2.3

– Header Enhancement

Fixed in version 1.5

– Generate Child Theme

Fixed in version 1.6

– Essential Content Types

Fixed in version 1.9

– Catch Web Tools

Fixed in version 2.7

– Catch Under Construction

Fixed in version 1.4

– Catch Themes Demo Import

Fixed in version 1.6

– Catch Sticky Menu

Fixed in version 1.7

– Catch Scroll Progress Bar

Fixed in version 1.6

– Catch Instagram Feed Gallery & Widget (Social Gallery and Widget)

Fixed in version 2.3

– Catch Infinite Scroll

Fixed in version 1.9

– Catch Import Export

Fixed in version 1.9

– Catch Gallery

Fixed in version 1.7

– Catch Duplicate Switcher

Fixed in version 1.6

– Catch Breadcrumb

Fixed in version 1.7

– Catch IDs

Fixed in version 2.4

Users Recommended to Consider Updating to Latest Plugin Versions

Publishers who use the affected Catch Themes plugins who wish to avoid unintended consequences from using vulnerable versions of those plugins should consider upgrading to the very latest versions of the plugins now available.

Failure to do so may lead to unnecessary exposure to a hacking event.

Citations

Read WPScan Advisory on Catch Themes Plugins

Multiple Plugins from CatchThemes – Unauthorised Plugin’s Setting Change

Wordfence Advisory of Catch Themes Plugin

Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload National Vulnerability Database Catch Themes Plugins Advisories Catch Themes Demo Import WordPress plugin vulnerability CVE-2021-39352 Detail National Vulnerability Database Listing of Multiple Catch Themes Plugins Vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

Budget 2021: Extra £5.9bn pledged for NHS backlog in England

Budget 2021: NHS in England to receive £5.9bn to cut waiting lists By Francesca Gillett & George Bowden BBC News Published 12 hours ago comments Comments Related Topics Budget 2021 This video can not be played To play this video you need to enable JavaScript in your browser.Media caption, Javid […]
Budget 2021: Extra £5.9bn pledged for NHS backlog in England

Subscribe US Now