Security breach in WordPress plugin puts 200,000 sites at risk


Security: This vulnerability could allow hackers to erase all sites equipped with the plugin, and to seize administrator rights.

Owners of WordPress sites that use commercial themes provided by ThemeGrill should be aware of a security vulnerability that could allow an attacker to wipe their site.

The vulnerability lies in ThemeGrill Demo Importer, a plugin provided with some themes sold by ThemeGrill, a web development company that sells commercial themes for WordPress. It is advisable to update this plugin to fix the critical bug.


The plugin, which is installed on over 200,000 sites, allows site owners to import demo content into their ThemeGrill template so that they have examples and a starting point on which to build their own site.

Vulnerable older versions

In a report released Sunday, the WordPress security company WebARX claims that older versions of the ThemeGrill Demo Importer are vulnerable to remote attacks. Hackers can send a payload specifically designed for vulnerable sites and trigger a function inside the plugin.

The vulnerable function resets all data, erasing the content of any WordPress site where a ThemeGrill theme is active and the vulnerable plugin is installed. In addition, if the site database contains a user named "admin", the attacker is logged in as that user, with full administrator rights on the site.

WebARX indicates that the vulnerability affects all versions of the ThemeGrill Demo Importer plugin between version 1.3.4 and 1.6.1. ThemeGrill, the developer of the plugin, fixed the bug and released version 1.6.2 over the weekend.
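As an added example (not code from the article, WebARX or ThemeGrill), a small Python check that reads a plugin's WordPress header and flags an installed ThemeGrill Demo Importer whose version falls in the affected range reported above. The header format is WordPress's standard plugin header; the sample header and the plugin directory layout assumed by the scanner are constructed.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Affected range and fixed release as reported in the article.
VULN_MIN = "1.3.4"
VULN_MAX = "1.6.1"
FIXED = "1.6.2"
PLUGIN_NAME = "ThemeGrill Demo Importer"

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.6.1' into (1, 6, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.strip().split("."))

def header_field(php_source: str, field: str) -> Optional[str]:
    """Read one field ('Plugin Name', 'Version', ...) from a WordPress plugin header comment."""
    m = re.search(rf"^\s*\*?\s*{re.escape(field)}:\s*(.+?)\s*$", php_source, re.MULTILINE)
    return m.group(1) if m else None

def is_vulnerable(version: str) -> bool:
    """True when the version lies in the affected range VULN_MIN..VULN_MAX (inclusive)."""
    v = parse_version(version)
    return parse_version(VULN_MIN) <= v <= parse_version(VULN_MAX)

def assess(php_source: str) -> Optional[Tuple[str, bool]]:
    """Return (version, vulnerable) for the plugin's main file, or None if it is another plugin."""
    name = header_field(php_source, "Plugin Name")
    version = header_field(php_source, "Version")
    if name != PLUGIN_NAME or version is None:
        return None
    return (version, is_vulnerable(version))

def scan_plugins_dir(plugins_root: str) -> Optional[Tuple[str, bool]]:
    """Scan wp-content/plugins/*/*.php (assumed layout) for the plugin's header; None if absent."""
    for php_file in Path(plugins_root).glob("*/*.php"):
        result = assess(php_file.read_text(errors="ignore"))
        if result is not None:
            return result
    return None

# Constructed sample header in the WordPress plugin header format.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: ThemeGrill Demo Importer
 * Version: 1.6.1
 */
"""
```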


Other WordPress vulnerabilities

This is the second security flaw found in a WordPress plugin this year that may allow attackers to erase site databases. Last month, the Wordfence team revealed a similar problem in the WP Database Reset plugin, installed on more than 80,000 sites.

Other important WordPress bugs that have been revealed this year include:

  • A stored cross-site scripting vulnerability in the GDPR Cookie Consent plugin, used by more than 700,000 sites.
  • A CSRF-to-RCE vulnerability in the Code Snippets plugin, used by more than 200,000 sites.
  • An authentication bypass bug in the InfiniteWP plugin, used by more than 300,000 sites.

Source: ZDNet.fr