Major Error in WordPress plugin Opens 200,000 Server Sites to Intruders

Yes! The vulnerability in WordPress theme plugins permitted cybercriminals to be web administrators.
A leading WordPress theme plugin with over 200,000 active installs features a serious but easy-to-use security defect that could damage a vast variety of internet sites if left unpatched by unauthenticated unknown intruders.
The problem resides with versions 1.3.4 and ahead, and 1.6.1 and below, according to WebARX, the ThemeGrill Demo Importer module.
The firm said the vulnerability might authorize any unauthenticated consumer to clear the entire database to its default position and then sign in as admin.

WebARX cautioned that the flaw is especially risky because it does not involve the manipulation of a suspect-looking package.
ThemeGrill is a prominent WordPress theme provider that users may install to customize their websites to their needs. The plugin in consideration can be instantly and conveniently practiced for sample material, widgets, and theme settings.
The bug is the second that could enable attackers to effectively dispatch targeted WordPress pages within a month.
Back in January, Wordfence notified about critical vulnerability CVE-2020-7048 impacting more than 80,000 deployed WP Server Reset update.

Despite sufficient security checks in effect, there was a significant flaw in the WP Server Reset plugin that permitted any unauthenticated consumer to reset any table in the server, “the firm explained. “This reset would trigger the tests to be completely unfunctional. An intruder might submit a basic message, and the WordPress regular defaults will be fully reset to a domain”.
WebARX group recorded this bug wisely two weeks ago to ThemeGrill developers who published a modified version 1.6.2 on February 16th.
WordPress Dashboard periodically informs administrators anytime a module has to be changed, so instead of asking for manual intervention, you may still opt to get plugin changes automatically installed.

Back to top button
Close