Skip to main content

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

posted onFebruary 18, 2020
by l33tdawg
ZDNet
Credit: ZDNet

WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes in order to patch a critical bug that can let attackers wipe their sites.

The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill, a web development company that sells commercial WordPress themes.

The plugin, which is installed on more than 200,000 sites, allows site owners to import demo content inside their ThemeGrill themes so they'll have examples and a starting point on which they can build their own sites. However, in a report published yesterday, WordPress security firm WebARX says that older versions of the ThemeGrill Demo Importer are vulnerable to remote attacks from unauthenticated attackers. Remote hackers can send a specially crafted payload to vulnerable sites and trigger a function inside the plugin.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th