Exploit Title: WordPress Plugin Catch Themes Demo Import - Arbitrary File Upload
Exploit Author: Thinkland Security Team
Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/#description
Version: V 1.6.1
Vulnerability Type: Arbitrary File Upload
Tested on: Windows 10, XAMPP
Vulnerability proof:
1. Appearance > Catch Themes Demo Import > Manual demo files upload > Upload Trojan file: 2.php
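A server-side check that would refuse the 2.php upload in the step above, as an added example that is not the plugin's or the vendor's code. The allowed extensions, the function names and the destination directory are assumptions.

```php
<?php
// Added example, not the plugin's code.
// Assumption: a demo import only needs these data formats.
const ALLOWED_DEMO_EXTENSIONS = ['xml', 'json', 'wie', 'dat'];

/**
 * Map a client-supplied file name to a safe stored name.
 * Returns null when the upload must be rejected.
 */
function safe_demo_upload_name(string $clientName): ?string
{
    // Discard any directory component sent by the client.
    $base = basename(str_replace('\\', '/', $clientName));

    // Exactly one stem and one extension, conservative characters only.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})$/D', $base, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, ALLOWED_DEMO_EXTENSIONS, true)) {
        return null;
    }
    // Never reuse the client's name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Handle one entry of $_FILES; returns the stored path or null.
 * $destDir is a hypothetical directory the web server does not execute from.
 */
function store_demo_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp  = (string) ($file['tmp_name'] ?? '');
    $name = safe_demo_upload_name((string) ($file['name'] ?? ''));
    if ($name === null || !is_uploaded_file($tmp)) {
        return null;
    }
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    return move_uploaded_file($tmp, $target) ? $target : null;
}

// Constructed sample names; "2.php" is the file name from the advisory.
if (PHP_SAPI === 'cli') {
    foreach (['2.php', 'demo-content.xml', 'widgets.wie', 'readme.txt'] as $n) {
        $verdict = safe_demo_upload_name($n) === null ? 'rejected' : 'accepted';
        printf("%-18s %s\n", $n, $verdict);
    }
}
```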


