Critical bug in ThemeGrill Demo Importer Plugin Affects 200,000 Sites

Roger Morales
Professional and passionate blogger by heart. Writes on various topics such as web hosting, cloud computing, Linux, datacenters, reviews, and the latest hosting news. He works on many popular blogs and also works as a technical analyst.

A critical bug has been found in the popular WordPress plugin ThemeGrill Demo Importer that gives attackers admin access.

Security researchers at WebARX recently found a bug in the popular WordPress plugin ThemeGrill Demo Importer. The plugin is available free of charge to anyone who buys a ThemeGrill WordPress theme, and it lets an administrator import demo widgets, content and default settings from ThemeGrill. The plugin has more than 200,000 active installations.

According to WebARX, once a ThemeGrill theme is installed and activated, the plugin allows any user to access the entire database: they can edit, update or even delete the whole database regardless of whether the user is an administrator or even authenticated. Technically, when the ThemeGrill Demo Importer plugin detects that a ThemeGrill theme is installed and activated, it loads the file /includes/class-demo-importer.php, which hooks reset_wizard_actions into admin_init on line 44.
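The root cause described above is a destructive action hooked into admin_init without any authorization or anti-CSRF check. The following is an added illustration, not the plugin's own code, of how such a handler should be guarded in a WordPress plugin; the hook callback name, the trigger parameter and the nonce action are hypothetical.

```php
<?php
// Added example (not ThemeGrill code): a guarded reset handler on admin_init.
// admin_init also fires for unauthenticated requests to admin-ajax.php and
// admin-post.php, so the hook name alone is not an authorization check.
add_action( 'admin_init', 'example_guarded_reset_wizard_actions' );

function example_guarded_reset_wizard_actions() {
    // Hypothetical trigger parameter; bail out early if it is absent.
    if ( ! isset( $_GET['example_reset_action'] ) ) {
        return;
    }

    // 1. Require a logged-in user holding a capability only administrators have.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'example' ), 403 );
    }

    // 2. Require a valid nonce so a logged-in admin cannot be tricked into
    //    triggering the reset from another site (CSRF). Dies on failure.
    check_admin_referer( 'example_reset_wizard' );

    // 3. Only now perform the destructive work, and leave an audit trail.
    example_perform_reset();
}

function example_perform_reset() {
    error_log( sprintf(
        'Reset wizard run by user %d from %s',
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    // The actual reset logic would follow here.
}

// The link that triggers the reset must carry the matching nonce, so that
// a bare URL without it is rejected by check_admin_referer() above.
function example_reset_wizard_url() {
    return wp_nonce_url(
        admin_url( 'themes.php?page=example-importer&example_reset_action=1' ),
        'example_reset_wizard'
    );
}
```

Both checks are needed: the capability check stops unauthenticated and low-privilege users, and the nonce check stops a legitimate administrator's browser from being driven into the action by a third-party page.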

As WebARX reports, ThemeGrill Demo Importer has a serious vulnerability that can cause a large amount of damage.

They also note that this serious vulnerability has existed for roughly three years, since version 1.2.4. On February 16, 2020, a patched version, 1.6.2, was released. Users of ThemeGrill themes can get an automatic plugin update, and WordPress also shows a warning on the dashboard with a notification to update the plugin.
