Critical bug in ThemeGrill Demo Importer Plugin Affects 200,000 Sites

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

A critical bug is found in the popular WordPress theme plugin, ThemeGrill Demo Importer. That gives admin access to hackers.

WebARX security researcher recently found a bug in the popular WordPress theme plugin ThemeGrill Demo Importer. This plugin has free access to those who buy ThemeGrill WordPress theme. It enables admin to import demo widget, content and default setting from ThemeGrill. This ThemeGrill plugin has more than 2000,000 active installations.

According to security researcher WebARX, Once you install ThemeGrill theme and activate it. It allows users to access the entire database, you can edit, update or even can able to delete the whole database whether the user is admin and running code is authenticated. Technically, When Theme Grill Demo Importer plugin found that a ThemeGrill theme is installed & activated, it loads the file from file manager /includes/class-demo-importer.php which attach reset_wizard_actions into admin_init on line 44.

As WebARX report ThemeGrill Demo Importer has serious bug or vulnerability and can cause a major amount of damage.

Even they add that this serious vulnerability roughly exists for 3 years. since 1.2.4 version. On February 16, 2020, A patched version 1.6.2 was released. The user of ThemeGrill theme can get an automatic plugin update. And, WordPress also add a warning on the Dashboard with a notification to update their plugin.

Looking for more security news? Stay tuned for the latest update news, subscribe to our newsletter to get latest updates.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This