Security researchers from WPScan and Wordfence have identified vulnerabilities in seventeen plugins published by Catch Plugins, a division of Catch Themes, LLC. These vulnerabilities are considered high-risk and can allow an attacker to change the plugin configurations.
Cross Site Request Forgery (CSRF)
A missing authorization check and a CSRF vulnerability affect 17 plugins published by Catch Themes. Together they let any logged-in user, even a Subscriber, make changes normally reserved for high-privilege WordPress roles such as Administrator.
According to WPScan, "Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscribers, to change the plugin’s configurations."
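The flaw class WPScan describes is an admin-ajax handler that is reachable by any logged-in user and never asks whether the caller is authorized or whether the request was intentional. The following is an added illustration written for this article, not code from any Catch Themes plugin: only the action name `ctp_switch` comes from the advisory; the function names, the `ctp_switch_nonce` action, the `ctp_feature_*` option names and the `admin.js` script handle are hypothetical. The first handler shows the weak pattern for contrast; the second adds the nonce check (CSRF), the capability check (authorization) and an allow-list for the option being changed.

```php
<?php
// Added example, not Catch Themes' code. Hook name 'ctp_switch' is from the WPScan
// advisory; all other names are hypothetical.

// --- Weak pattern (for contrast) ---
// 'wp_ajax_*' hooks run for any authenticated user, so a Subscriber reaches this
// handler. Nothing here checks the caller's role or a nonce, so a forged request
// from another site (CSRF) or a low-privilege account can rewrite plugin settings.
function ctp_switch_weak() {
    $option = sanitize_key( $_POST['option'] ?? '' );
    $value  = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $option, $value );
    wp_send_json_success();
}
// add_action( 'wp_ajax_ctp_switch', 'ctp_switch_weak' );   // left unregistered on purpose

// --- Hardened handler ---
function ctp_switch_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this action. On failure
    //    check_ajax_referer() ends the request with "-1" and never returns.
    check_ajax_referer( 'ctp_switch_nonce', 'nonce' );

    // 2. Authorization: being logged in is not enough; require the capability
    //    that changing plugin settings implies. wp_send_json_error() exits.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: only options this plugin owns may be toggled
    //    (hypothetical allow-list), and the value is coerced to a boolean flag.
    $allowed = array( 'ctp_feature_a', 'ctp_feature_b' );
    $option  = sanitize_key( $_POST['option'] ?? '' );
    if ( ! in_array( $option, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option.' ), 400 );
    }
    $value = ( '1' === ( $_POST['value'] ?? '' ) ) ? 1 : 0;

    update_option( $option, $value );
    wp_send_json_success( array( 'option' => $option, 'value' => $value ) );
}
add_action( 'wp_ajax_ctp_switch', 'ctp_switch_hardened' );

// The nonce is handed to the plugin's own admin script so that legitimate
// requests can include it as the 'nonce' POST field checked above.
function ctp_enqueue_admin_script() {
    wp_enqueue_script( 'ctp-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'ctp-admin', 'ctpAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'ctp_switch_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'ctp_enqueue_admin_script' );
```

The two checks address different failures: the nonce stops a request the user did not intend to send (CSRF), while `current_user_can()` stops a request the user did intend but is not allowed to make. A handler needs both; a nonce alone still lets a Subscriber who holds a valid nonce change settings, and a capability check alone still lets an administrator be tricked by a forged request. When reviewing a plugin, grep for `wp_ajax_` registrations and confirm each callback performs both checks before touching `update_option()` or similar state.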
Wordfence Reports Vulnerability in Catch Demo Import WordPress Plugin
Wordfence has published a notice about a critical vulnerability discovered in the Catch Themes Demo Import plugin (versions up to and including 1.7). The plugin was found to have an Arbitrary File Upload vulnerability. Severity ratings for it differ: Wordfence rated it 9.1 on a scale of 1 to 10 and described it as Critical, while the US National Vulnerability Database rated it 7.2 (High).
According to Wordfence, "The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation." Wordfence recommends upgrading to version 1.8 or newer.
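"Insufficient file type validation" in an import feature means the code accepts whatever the client uploads rather than restricting it to the formats the importer actually parses. The handler below is an added illustration written for this article, not the Catch Themes Demo Import code: the function names, the `ctp_demo_import` nonce action, the `import_file` field name and the `ctp_parse_demo_content()` parser are hypothetical, and the allow-list of XML only is an assumption about what a demo importer consumes. It shows the checks a defender expects to see in front of any upload: a capability check, a nonce check, an extension/MIME allow-list verified against the file's contents, and delegation to `wp_handle_upload()` with the same allow-list instead of moving the file by hand.

```php
<?php
// Added example, not the plugin's own code. Only the flaw class (insufficient file
// type validation in an import upload) comes from the Wordfence advisory.

function ctp_handle_demo_import_upload() {
    // Authorization and CSRF come first: importing demo content is an admin action.
    check_admin_referer( 'ctp_demo_import', 'ctp_demo_import_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    if ( empty( $_FILES['import_file']['tmp_name'] ) ) {
        wp_die( 'No file uploaded.', '', array( 'response' => 400 ) );
    }
    $upload = $_FILES['import_file'];

    // Allow-list of formats the importer parses (assumed: WXR/XML content exports).
    // Anything else is rejected regardless of the Content-Type the client claims.
    $allowed_mimes = array(
        'xml' => 'text/xml',
    );

    // wp_check_filetype_and_ext() maps the extension through the allow-list and
    // compares it with the MIME type detected from the file's bytes; when they
    // disagree it returns false for 'ext' and 'type'. A file named demo.xml that
    // is really something else is therefore refused here.
    $check = wp_check_filetype_and_ext( $upload['tmp_name'], $upload['name'], $allowed_mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Unsupported file type.', '', array( 'response' => 415 ) );
    }

    // Let WordPress store the file: the same allow-list is enforced again inside
    // wp_handle_upload(), and the stored name is generated rather than taken
    // from the client, so the original filename never reaches the filesystem.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $overrides = array(
        'test_form'                => false,
        'mimes'                    => $allowed_mimes,
        'unique_filename_callback' => function ( $dir, $name, $ext ) {
            return 'ctp-import-' . wp_generate_password( 12, false ) . $ext;
        },
    );
    $result = wp_handle_upload( $upload, $overrides );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    // Only now is the file parsed. ctp_parse_demo_content() is a hypothetical
    // importer; $result['file'] is the path WordPress stored the upload under.
    ctp_parse_demo_content( $result['file'] );
}
add_action( 'admin_post_ctp_demo_import', 'ctp_handle_demo_import_upload' );
```

The ordering matters: role and nonce checks run before the file is even looked at, so an unauthenticated or unauthorized request never reaches the filesystem, and the type check relies on the file's contents rather than on its name or the browser-supplied MIME type. Passing the same `mimes` array to `wp_handle_upload()` means the allow-list is enforced by core as well as by the plugin, so a later refactor that drops the explicit check does not silently reopen the hole.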
Vulnerabilities Discovered in Seventeen Catch Themes WordPress Plugins
WPScan lists seventeen Catch Themes WordPress plugins with vulnerabilities, which have since been fixed after being disclosed to the plugin publisher.
Over 300,000 Installations Affected
Many of the seventeen plugins are highly popular.
Ten Most Popular Vulnerable Catch Themes Plugins
- To Top – 80,000 Installations
- Essential Content Types – 50,000 Installations
- Catch IDs – 40,000 Installations
- Catch Web Tools – 20,000 Installations
- Social Gallery and Widget – 20,000 Installations
- Catch Infinite Scroll – 20,000 Installations
- Catch Gallery – 20,000 Installations
- Essential Widgets – 20,000 Installations
- Catch Instagram Feed Gallery & Widget (Social Gallery and Widget) – 20,000 Installations
- Catch Themes Demo Import – 10,000 Installations
Seventeen Catch Themes Vulnerable Plugins
Here are the seventeen plugins reported by WPScan to have vulnerabilities that have been patched:
- Essential Widgets – Fixed in version 1.9
- To Top – Fixed in version 2.3
- Header Enhancement – Fixed in version 1.5
- Generate Child Theme – Fixed in version 1.6
- Essential Content Types – Fixed in version 1.9
- Catch Web Tools – Fixed in version 2.7
- Catch Under Construction – Fixed in version 1.4
- Catch Themes Demo Import – Fixed in version 1.6
- Catch Sticky Menu – Fixed in version 1.7
- Catch Scroll Progress Bar – Fixed in version 1.6
- Catch Instagram Feed Gallery & Widget (Social Gallery and Widget) – Fixed in version 2.3
- Catch Infinite Scroll – Fixed in version 1.9
- Catch Import Export – Fixed in version 1.9
- Catch Gallery – Fixed in version 1.7
- Catch Duplicate Switcher – Fixed in version 1.6
- Catch Breadcrumb – Fixed in version 1.7
- Catch IDs – Fixed in version 2.4
Users Recommended to Consider Updating to Latest Plugin Versions
Users of the affected Catch Themes plugins should upgrade to the latest available versions to avoid the security risks described above.
Leaving a vulnerable version installed exposes the site to the attacks these advisories describe.
Citations
- WPScan Advisory on Catch Themes Plugins
- Wordfence Advisory on Catch Themes Plugin
- National Vulnerability Database Catch Themes Plugins Advisories