MidnightBSD

Advisories for postmagthemes

CVE-2022-1540

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.

Products Affected

Vendor Product Version
postmagthemes postmagthemes_demo_import *