Connect with us

NEWS

300,00+ Installations of Catch Themes WordPress Plugins Vulnerable via @sejournal, @martinibuster

Published

on

wordpress vulnerabilities 6173de1290b29 sej

Security researchers at WPScan and Wordfence have identified seventeen plugins published Catch Plugins (a division of Catch Themes, LLC) that have vulnerabilities. These vulnerabilities are rated as high and can result in an attacker being able to change the plugin configurations.

Cross Site Request Forgery (CSRF)

A user authentication exploit (lacking a capability check) and a Cross Site Request Forgery (CSRF) vulnerability are affecting 17 plugins published by Catch Themes.

These vulnerabilities allow any logged-in user, even a subscriber, to perform changes that are usually reserved for WordPress users with the highest editing privileges, like the administrator of the website.

According to WordPress security plugin publisher WPScan:

Advertisement

Continue Reading Below

“Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin’s configurations.”

Wordfence Reports Vulnerability in Catch Demo Import WordPress Plugin

Wordfence published a notice about a critical vulnerability discovered in one of these plugins as well, the Catch Themes Demo Import (versions up to and including version 1.7).

The Catch Themes Demo Import WordPress plugin was found to have an Arbitrary File Upload Vulnerability.

It’s unclear how severe this specific vulnerability is. The vulnerability was rated by Wordfence as 9.1 on a scale of 1 – 10 and described as Critical. However, the vulnerability was listed on the US government National Vulnerability Database with a rating of 7.2 (High).

Advertisement

Continue Reading Below

According to Wordfence:

“The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation”

Wordfence recommends upgrading to version 1.8, or newer.

Vulnerabilities Discovered in Seventeen Catch Themes WordPress Plugins

WPScan lists seventeen Catch Themes WordPress plugins that were discovered to have vulnerabilities. All seventeen were disclosed to the plugin publisher and have been fixed.

Over 300,000 Installations Affected

Many of the seventeen plugins are highly popular.

These are the top 10 most popular Catch Themes plugins, with the number of installations listed next to them.

Ten Most Popular Vulnerable Catch Theme Plugins

  1. To Top80,000 Installations
  2. Essential Content Types – 50,000 Installations
  3. Catch IDs40,000 Installations
  4. Catch Web Tools20,000 Installations
  5. Social Gallery and Widget20,000 Installations
  6. Catch Infinite Scroll20,000 Installations
  7. Catch Gallery20,000 Installations
  8. Essential Widgets20,000 Installations
  9. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget)20,000 Installations
  10. Catch Themes Demo Import10,000 Installations

Seventeen Catch Themes Vulnerable Plugins

These are the seventeen plugins reported by WPScan to have a vulnerability that was subsequently patched:

  1. Essential Widgets
    Fixed in version 1.9
  2. To Top
    Fixed in version 2.3
  3. Header Enhancement
    Fixed in version 1.5
  4. Generate Child Theme
    Fixed in version 1.6
  5. Essential Content Types
    Fixed in version 1.9
  6. Catch Web Tools
    Fixed in version 2.7
  7. Catch Under Construction
    Fixed in version 1.4
  8. Catch Themes Demo Import
    Fixed in version 1.6
  9. Catch Sticky Menu
    Fixed in version 1.7
  10. Catch Scroll Progress Bar
    Fixed in version 1.6
  11. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget)
    Fixed in version 2.3
  12. Catch Infinite Scroll
    Fixed in version 1.9
  13. Catch Import Export
    Fixed in version 1.9
  14. Catch Gallery
    Fixed in version 1.7
  15. Catch Duplicate Switcher
    Fixed in version 1.6
  16. Catch Breadcrumb
    Fixed in version 1.7
  17. Catch IDs
    Fixed in version 2.4

Advertisement

Continue Reading Below

Users Recommended to Consider Updating to Latest Plugin Versions

Publishers who use the affected Catch Themes plugins who wish to avoid unintended consequences from using vulnerable versions of those plugins should consider upgrading to the very latest versions of the plugins now available.

Failure to do so may lead to unnecessary exposure to a hacking event.

Citations

Read WPScan Advisory on Catch Themes Plugins

Multiple Plugins from CatchThemes – Unauthorised Plugin’s Setting Change

Wordfence Advisory of Catch Themes Plugin

Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

National Vulnerability Database Catch Themes Plugins Advisories

Catch Themes Demo Import WordPress plugin vulnerability CVE-2021-39352 Detail

Advertisement

Continue Reading Below

National Vulnerability Database Listing of Multiple Catch Themes Plugins Vulnerabilities

Searchenginejournal.com

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

FACEBOOK

Facebook Faces Yet Another Outage: Platform Encounters Technical Issues Again

Published

on

By

Facebook Problem Again

Uppdated: It seems that today’s issues with Facebook haven’t affected as many users as the last time. A smaller group of people appears to be impacted this time around, which is a relief compared to the larger incident before. Nevertheless, it’s still frustrating for those affected, and hopefully, the issues will be resolved soon by the Facebook team.

Facebook had another problem today (March 20, 2024). According to Downdetector, a website that shows when other websites are not working, many people had trouble using Facebook.

This isn’t the first time Facebook has had issues. Just a little while ago, there was another problem that stopped people from using the site. Today, when people tried to use Facebook, it didn’t work like it should. People couldn’t see their friends’ posts, and sometimes the website wouldn’t even load.

Downdetector, which watches out for problems on websites, showed that lots of people were having trouble with Facebook. People from all over the world said they couldn’t use the site, and they were not happy about it.

When websites like Facebook have problems, it affects a lot of people. It’s not just about not being able to see posts or chat with friends. It can also impact businesses that use Facebook to reach customers.

Since Facebook owns Messenger and Instagram, the problems with Facebook also meant that people had trouble using these apps. It made the situation even more frustrating for many users, who rely on these apps to stay connected with others.

During this recent problem, one thing is obvious: the internet is always changing, and even big websites like Facebook can have problems. While people wait for Facebook to fix the issue, it shows us how easily things online can go wrong. It’s a good reminder that we should have backup plans for staying connected online, just in case something like this happens again.

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

NEWS

We asked ChatGPT what will be Google (GOOG) stock price for 2030

Published

on

We asked ChatGPT what will be Google (GOOG) stock price for 2030

Investors who have invested in Alphabet Inc. (NASDAQ: GOOG) stock have reaped significant benefits from the company’s robust financial performance over the last five years. Google’s dominance in the online advertising market has been a key driver of the company’s consistent revenue growth and impressive profit margins.

In addition, Google has expanded its operations into related fields such as cloud computing and artificial intelligence. These areas show great promise as future growth drivers, making them increasingly attractive to investors. Notably, Alphabet’s stock price has been rising due to investor interest in the company’s recent initiatives in the fast-developing field of artificial intelligence (AI), adding generative AI features to Gmail and Google Docs.

However, when it comes to predicting the future pricing of a corporation like Google, there are many factors to consider. With this in mind, Finbold turned to the artificial intelligence tool ChatGPT to suggest a likely pricing range for GOOG stock by 2030. Although the tool was unable to give a definitive price range, it did note the following:

“Over the long term, Google has a track record of strong financial performance and has shown an ability to adapt to changing market conditions. As such, it’s reasonable to expect that Google’s stock price may continue to appreciate over time.”

GOOG stock price prediction

While attempting to estimate the price range of future transactions, it is essential to consider a variety of measures in addition to the AI chat tool, which includes deep learning algorithms and stock market experts.

Finbold collected forecasts provided by CoinPriceForecast, a finance prediction tool that utilizes machine self-learning technology, to anticipate Google stock price by the end of 2030 to compare with ChatGPT’s projection.

According to the most recent long-term estimate, which Finbold obtained on March 20, the price of Google will rise beyond $200 in 2030 and touch $247 by the end of the year, which would indicate a 141% gain from today to the end of the year.

2030 GOOG price prediction: Source: CoinPriceForecast

Google has been assigned a recommendation of ‘strong buy’ by the majority of analysts working on Wall Street for a more near-term time frame. Significantly, 36 analysts of the 48 have recommended a “strong buy,” while seven people have advocated a “buy.” The remaining five analysts had given a ‘hold’ rating.

1679313229 737 We asked ChatGPT what will be Google GOOG stock price
Wall Street GOOG 12-month price prediction: Source: TradingView

The average price projection for Alphabet stock over the last three months has been $125.32; this objective represents a 22.31% upside from its current price. It’s interesting to note that the maximum price forecast for the next year is $160, representing a gain of 56.16% from the stock’s current price of $102.46.

While the outlook for Google stock may be positive, it’s important to keep in mind that some potential challenges and risks could impact its performance, including competition from ChatGPT itself, which could affect Google’s price.


Disclaimer: The content on this site should not be considered investment advice. Investing is speculative. When investing, your capital is at risk.

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

NEWS

This Apple Watch app brings ChatGPT to your wrist — here’s why you want it

Published

on

Apple Watch Series 8

ChatGPT feels like it is everywhere at the moment; the AI-powered tool is rapidly starting to feel like internet connected home devices where you are left wondering if your flower pot really needed Bluetooth. However, after hearing about a new Apple Watch app that brings ChatGPT to your favorite wrist computer, I’m actually convinced this one is worth checking out.

The new app is called watchGPT and as I tipped off already, it gives you access to ChatGPT from your Apple Watch. Now the $10,000 question (or more accurately the $3.99 question, as that is the one-time cost of the app) is why having ChatGPT on your wrist is remotely necessary, so let’s dive into what exactly the app can do.

What can watchGPT do?

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

Trending