A popular WordPress plugin installed on hundreds of thousands of sites contains a critical vulnerability that exposes those sites to remote attacks.
The ‘ThemeGrill Demo Importer’ plugin, which ThemeGrill ships with its free and premium themes, turned out to contain a critical vulnerability. The plugin is active on more than 200,000 sites worldwide, and the flaw puts those websites and blogs at risk of remote, unauthenticated attacks.
The ThemeGrill Demo Importer plugin lets WordPress site administrators import demo content, widgets and settings from ThemeGrill, so that a theme can be customized quickly. However, according to a report by the security company WebARX, when a ThemeGrill theme is installed and activated alongside the plugin, some of the plugin's functions run with administrator-level effect without first checking whether the user triggering the code is authenticated at all, let alone whether that user is an administrator.
As a result, an unauthenticated attacker can wipe a site's entire database and reset it to its default, freshly installed state. Because the reset routine also signs in the user named ‘admin’ when such an account exists, the attacker can end up automatically logged in as an administrator with full control over the site.
The screenshot above shows that there is no authentication check at all: it is enough to send the do_reset_wordpress parameter to any admin-side URL of WordPress, including /wp-admin/admin-ajax.php, which is reachable without logging in. According to WebARX researchers, the vulnerability is present in every version of the ThemeGrill Demo Importer plugin published over the last three years, from 1.3.4 up to and including 1.6.1.
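To make the missing check concrete, the following is an added PHP example, not the plugin's own source and not taken from the WebARX report: a simplified handler that reproduces the pattern described above (a destructive action hooked into admin_init and gated only by a GET parameter) next to a hardened version of the same feature. Names prefixed tgdi_example_ are assumptions chosen for this illustration; the WordPress APIs used (admin_init, admin_post_{action}, current_user_can, check_admin_referer, wp_nonce_field) are real core functions.

```php
<?php
/**
 * Added illustration, not ThemeGrill code. All tgdi_example_* names are
 * assumed. The "reset" here only deletes an option so the example is safe
 * to drop into a test site; the pattern is what matters.
 */

// ---------------------------------------------------------------------------
// VULNERABLE PATTERN (what the article describes)
//
// admin_init fires on every admin-side request, including
// /wp-admin/admin-ajax.php, which WordPress serves to visitors who are not
// logged in. The only gate is a GET parameter anyone can supply, so
//   GET /wp-admin/admin-ajax.php?do_reset_wordpress=1
// runs the destructive routine for an anonymous attacker.
// ---------------------------------------------------------------------------
add_action( 'admin_init', 'tgdi_example_reset_vulnerable' );
function tgdi_example_reset_vulnerable() {
    if ( empty( $_GET['do_reset_wordpress'] ) ) {
        return;
    }
    // No is_user_logged_in(), no current_user_can(), no nonce, GET accepted.
    tgdi_example_do_reset();
}

// ---------------------------------------------------------------------------
// HARDENED PATTERN
//
// 1. Hook admin_post_{action} instead of admin_init: admin-post.php only
//    fires this hook for logged-in users (anonymous requests go to
//    admin_post_nopriv_{action}, which we deliberately do not register).
// 2. Require a capability that only administrators hold.
// 3. Require a nonce bound to this specific action (CSRF protection).
// 4. Require POST, since admin_post_* also fires for GET.
// ---------------------------------------------------------------------------
add_action( 'admin_post_tgdi_example_reset', 'tgdi_example_reset_hardened' );
function tgdi_example_reset_hardened() {
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', 405 );
    }
    // Verifies the _wpnonce field emitted by wp_nonce_field() below and
    // terminates the request with a 403 if it is missing or invalid.
    check_admin_referer( 'tgdi_example_reset' );

    tgdi_example_do_reset();

    wp_safe_redirect( admin_url( 'themes.php?tgdi_example_reset=done' ) );
    exit;
}

// The admin-side form that legitimately triggers the hardened handler.
// Only rendered for users who could pass the capability check anyway.
function tgdi_example_reset_button() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'tgdi_example_reset' );          // emits _wpnonce + referer
    echo '<input type="hidden" name="action" value="tgdi_example_reset">';
    submit_button( 'Reset demo content', 'delete' );
    echo '</form>';
}

// Stand-in for the destructive step. The real plugin drops database tables
// and reinstalls WordPress; this example only clears one option.
function tgdi_example_do_reset() {
    delete_option( 'tgdi_example_demo_imported' );
}
```

The difference a reviewer should look for is in the first two lines of each handler: the vulnerable one decides to act based solely on request data, while the hardened one first establishes who is making the request (session), whether they are allowed to (capability), and whether they meant to (nonce, POST). Any one of those three checks on its own would have stopped the anonymous, GET-triggered reset the article describes; a plugin performing destructive operations should have all three.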
After WebARX reported the vulnerability to the ThemeGrill developers, version 1.6.2 of the plugin was released on February 16. The WordPress admin panel notifies administrators automatically when a plugin update is available; site owners running a ThemeGrill theme should update to 1.6.2 or later without delay.