More than 70,000 WordPress sites are unsafe due to plugin leak


A vulnerability in the ThemeGrill Demo Importer plugin puts a large number of WordPress sites at risk of content removal. Under certain circumstances, attackers can gain administrative privileges.

WebARX, a security company that specializes in WordPress, reports after investigation that versions 1.3.4 through 1.6.1 of ThemeGrill Demo Importer are vulnerable. The vulnerability was present in the code for about three years. Attackers can send a crafted request to WordPress sites running the plugin and thereby revert the database to its initial state, removing all content.

The ThemeGrill Demo Importer is used by customers of ThemeGrill, which provides themes for WordPress sites. If a site with such a theme has a user named “admin” in its database, it is possible for an attacker to gain administrative privileges and take over the site.

WebARX reported the vulnerability to ThemeGrill on February 6, and ThemeGrill released a new version with a patch ten days later. That version has now been downloaded about 28,000 times, and according to plugin statistics there are more than 100,000 active installations, which puts the number of vulnerable websites at at least 72,000. In fact, according to ThemeGrill itself, the company’s themes are active on more than 300,000 sites.
