A WordPress plugin threatened the integrity of thousands of websites. This time, the vulnerability appeared in the ThemeGrill Demo Importer WordPress plugin. Exploiting this flaw could allow an adversary to entirely wipe a website Database.
ThemeGrill Demo Importer Vulnerability
Researchers from the WebARX have found a serious security vulnerability in the WordPress plugin ThemeGrill Demo Importer. The plugin facilitates in swift importing of the official themes demo content, widgets, and settings to the site.
As explained in their report, the flaw in the plugin could allow an unauthenticated attacker to meddle with the target website. Upon an exploit, the bug could let the attacker wipe the entire website and take over as admin.
There is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator.
Exploiting the vulnerability required the active installation of a ThemeGrill activated theme on the target site. Then the attacker could wipe the entire database, pulling back the site to its default state.
Whereas, for the attacker to gain access as an admin, having a user as ‘admin’ in the database was necessary. Though, this wasn’t a requisite for wiping the database.
Details about the technicalities of the flaw are available in the researchers’ post.
Patch Released – Update Now
Upon discovering the flaw, the WebARX team reached out to the ThemeGrill plugin developers to inform them of the flaw. Consequently, the developers patched the flaw on February 15, 2020.
The vulnerability primarily affected the plugin versions between 1.3.4 and 1.6.1. Eventually, developers released the patch with ThemeGrill Demo Importer plugin version 1.6.2.
While the plugin initially boasted an active installation of 200,000+, the count now seems fallen to 100,000+. Perhaps, some users may have uninstalled the plugin following the discovery of the vulnerability.
Nonetheless, it still remains a threat to thousands of websites. Therefore, the users must ensure updating their sites to the latest plugin versions.
Earlier, similar vulnerabilities also appeared in the WP Database Reset plugin that allowed wiping databases and takeover websites as admin.
Let us know your thoughts in the comments.