Security researchers at WebARX have discovered a critical bug in a popular WordPress plugin that could allow unauthenticated users to gain administrative privileges and restore a site’s entire database to its default state if left unpatched.
The vulnerability was found in the ThemeGrill Demo Importer plugin that ships with WordPress themes sold by the web development company ThemeGrill.
The plugin is installed on over 200,000 sites and it allows site owners to import demo content in to their ThemeGrill themes to provide them with examples which they can use to build their own sites.
According to a new report from WebARX, versions 1.3.4 to 1.6.1 of the ThemeGrill Demo Importer plugin are vulnerable to the bug which could allow unauthenticated hackers to launch remote attacks on WordPress sites that have the plugin installed.
Hackers can exploit the vulnerability in ThemeGrill Demo Importer by sending a specially crafted payload to sites that have an older version of the plugin installed to trigger a function inside the plugin.
This function can be used to wipe the database of a WordPress site where a ThemeGrill theme is active and the vulnerable plugin is installed. Additionally, if the site’s database contains a user named “admin”, then the attacker is granted access to that user along with full administrator rights over the site.
Researchers at WebARX first discovered the vulnerability earlier this month and quickly reported their findings to ThemeGrill. The company has since released a new version of ThemeGrill Demo Importer which fixes the bug.
However, at the time of writing, the latest version of the plugin, version 1.6.3, has been installed over 100,000 times which means that many users have yet to update their sites. If you have the ThemeGrill Demo Importer plugin installed on your site, it is highly recommended that you update it immediately to prevent falling victim to any attacks that exploit the vulnerability present in earlier versions.