Headline
CVE-2022-29451: Rara One Click Demo Import
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
- Details
- Reviews
- Installation
- Support
- Development
Do you love the demos of the themes made by Rara Theme? Or, need a guideline for setting up the themes?
Then, all you need is this plugin!
Rara One Click Demo Import plugin will help you import the demo content, including settings of the widgets and the customizer, with a click.
The demo content will make your website look like the preview of a theme so that you get a basic guideline for making your website.
Once installed and activated, Rara One Click Demo Import will be accessible through Appearance > Rara Demo Import.
If you use Premium themes made by Rara Themes, go to Pro Theme Demo Import tab and just click on ‘Import Now’ button and your website will look like the demo of the activated theme in no time.
If you use free themes made by Rara Themes, download the demo files from your Theme Documentation page, upload it using ‘Upload Demo File’ button on this plugin, and click Import Now. As simple as that.
You can find the detail documentation here
If you need help, contact our support team here.
This plugin is based on the ‘Theme Demo Import’ plugin by Themely, https://wordpress.org/plugins/theme-demo-import/
As well as the improved WP Import 2.0 plugin by @humanmade, https://github.com/humanmade/WordPress-Importer.
License
Rara One Click Demo Import uses the script of
‘Theme Demo Import’ plugin by Themely,
https://wordpress.org/plugins/theme-demo-import/
Licensed under the GNU General Public License v2.0,
http://www.gnu.org/licenses/gpl-2.0.html
Rara One Click Demo Import uses ‘WordPress Importer’ plugin script
https://github.com/humanmade/WordPress-Importer
© 2016 @humanmade
Licensed under the GNU General Public License v2.0,
http://www.gnu.org/licenses/gpl-2.0.html
Copyright
Rara One Click Demo Import is distributed under the terms of the GNU GPL.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
any later version (at your own risk).
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Method 1:
On your WordPress admin dashboard
Visit ‘Plugins > Add New’
Search for ‘RARA One Click Demo Import’ and install the plugin.
Activate ‘RARA One Click Demo Import ’ from your Plugins page.
Method 2:
Download the plugin from WordPress.org repository
On your WordPress admin dashboard, go to ‘Plugins> Add New> Upload Plugin’.
Upload the downloaded plugin file (rara-one-click-demo-import.zip) and click ‘Install Now’
Activate ‘Rara One Click Demo Import’ from your Plugins page.
Once the plugin is activated, you will find the actual import page in Appearance > Rara Demo Import
I have activated the Rara One Click Demo Import plugin. Where can I find the plugin?
You will find the plugin in wp-admin -> Appearance -> Rara Demo Import.
Where are the demo import files and the log files saved?
The files used in the demo import will be saved to the default WordPress uploads directory. An example of that directory would be: …/wp-content/uploads/2017/03/.
The log file will be registered in the wp-admin -> Media section.
I can’t activate the plugin because of a fatal error. What can I do?
Update: There is an admin error notice, stating that the minimal PHP version required for this plugin is 5.3.2.
You want to activate the plugin, but this error shows up:
Plugin could not be activated because it triggered a fatal error
This happens because your hosting server is using a very old version of PHP. This plugin requires PHP version of at least 5.3.x, but we recommend version 5.6.x. Please contact your hosting company and ask them to update the PHP version for your site.
- Tried several times installing “tour-operator.1.2.5” after installation an extra theme showed up, uninstalled, installed again, two themes total. - Reset WP, install again, same issue. - First import proccess gave error 500. Solved, second try imported demo, but with errors. - Reset WP again, tried multiple times, none of imported anything.
Superfast damage to your site.
Error 503 every time I try to upload demo import file.
don’t install this plug! this will be damage to your website and then you must restore your website!
Nice! this plugin is very helpful and easy to use
I recently downloaded the Rara Travel Theme which installed fine. Even though I had read other peoples reviews stating the import does not work. I can state it worked fine for me first time. I am running the latest version of Wordpress as of 25/07/18 with WooCommerce and so far so good no issues. I have even created a Child Theme just in case of future Theme Updates. So don’t believe these 1 Star reviews. I am relatively new to Wordpress and I managed just fine. Thank You to the programmer who wrote the Theme and provided the Demo Content all for Free by the way. Really! Thank You!
Read all 7 reviews
“Rara One Click Demo Import” is open source software. The following people have contributed to this plugin.
Contributors
- Rara Theme
1.2.9
- WORDPRESS 5.6 AND PHP 8 COMPATIBILITY FIXES
1.2.8
- ARRAY OFFSET ACCESS SYNTAX WITH CURLY BRACES FIXED
1.2.7
- LINKS UPDATED
1.2.6
- UPLOAD BUTTON ISSUE FIXED
1.2.5
- INFORMATION ADDED
1.2.1
- COMPATIBILITY TEST
1.2.0
- MAJOR UPDATE
- DEMO FILE ZIP NAME STANDARDS
1.1.0
- WARNING MESSAGE FIXED
1.0.9
- WARNING MESSAGE FIXED
1.0.8
- CODE CLEAN UP & DESIGN FIXES
1.0.7
- CODE CLEAN UP
- SOME OPTIONAL FUNCTIONS REMOVED
1.0.6
- DEMO IMPORT PROCESS EASED
1.0.5
- RARA THEME DEPENDENT
1.0.4
- COMPATIBILITY TEST
1.0.3
- PLUGIN DEPENDENCY CHECK
- COMPATIBILITY TEST
1.0.2
- CODE CLEANUP
1.0.1
- CLASSES ADDED
- FILTERS ADDED
1.0.0
- INITIAL RELEASE
Related news
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.
This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.