Vulnerabilities > CVE-2021-39333 - Unspecified vulnerability in Hashthemes Demo Importer

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

hashthemes

NVD

Published: 2021-11-01

Updated: 2024-11-21

Summary

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.

Vulnerable Configurations

Part	Description	Count
Application	Hashthemes Hashthemes Hashthemes Demo Importer - Hashthemes Hashthemes Demo Importer 1.0 Hashthemes Hashthemes Demo Importer 1.0.2 Hashthemes Hashthemes Demo Importer 1.0.3 Hashthemes Hashthemes Demo Importer 1.0.4 Hashthemes Hashthemes Demo Importer 1.0.5 Hashthemes Hashthemes Demo Importer 1.0.6 Hashthemes Hashthemes Demo Importer 1.0.7 Hashthemes Hashthemes Demo Importer 1.0.8 Hashthemes Hashthemes Demo Importer 1.0.9 Hashthemes Hashthemes Demo Importer 1.1.0 Hashthemes Hashthemes Demo Importer 1.1.1	12

Summary

Vulnerable Configurations

References