Catch Themes Demo Import.md

Exploit Title: WrodPress Plugin Catch Themes Demo Import —— Arbitrary File Upload

Exploit Author: Thinkland Security Team

Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/#description

Version : V 1.6.1

Vulnerability Type: Arbitrary File Upload

Tested on Windows 10 、XAMPP

Vulnerability proof：

1.Appearance》Catch Themes Demo Import》Manual demo files upload》Upload Trojan file:2.php