A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin is ‘ThemeGrill Demo Importer Plugin’, which comes with the free as well as premium themes sold by the software development company ThemeGrill.
The ThemeGrill Demo Importer plugin is designed to let WordPress site admins import demo content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme.
According to a report WebARX security company shared with The Hacker News, when a ThemeGrill theme is installed and activated, the affected plugin executes some functions with administrative privileges without checking whether the user running the code is authenticated and is an admin.
The flaw could eventually allow unauthenticated remote attackers to wipe the entire database of targeted websites to its default state, after which they will also be automatically logged in as an administrator, allowing them to take complete control over the sites.
“This is a serious vulnerability and can cause a significant amount of damage. Since it requires no suspicious-looking payload, it is not expected for any firewall to block this by default, and a special rule needs to be created to block this vulnerability,” the WebARX researchers said.
WebARX, which provides vulnerability detection and virtual patching software to protect websites from third-party component vulnerabilities, responsibly reported this vulnerability to the ThemeGrill developers two weeks ago; they then released a patched version, 1.6.2, on February 16.
WordPress Dashboard automatically notifies admins when a plugin needs to be updated, but you can also choose to have plugin updates automatically installed instead of waiting for manual action.
Note – The developers of the ThemeGrill Demo Importer Plugin for WordPress have updated the plugin to remove a critical bug that gives admin privileges to unauthenticated users.
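For admins who look after more than one site, the check below (an added example, not code from ThemeGrill, WebARX or the original article) reads the standard WordPress plugin header of each file under a plugins directory and flags copies of the plugin older than the patched 1.6.2 release. It assumes the plugin's `Plugin Name` header matches the name used in this article; the sample header is constructed for illustration.

```python
import re
import sys
from pathlib import Path

PLUGIN_NAME = "ThemeGrill Demo Importer"  # assumption: header name matches the article's name
PATCHED = (1, 6, 2)                       # patched release named in the article

# Constructed sample header, not copied from the real plugin file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: ThemeGrill Demo Importer
 * Version: 1.6.1
 */
"""

HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(text):
    """Return the 'plugin name' and 'version' fields of a plugin file's header comment."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'1.6.1' -> (1, 6, 1); suffixes such as '-beta' are ignored, short versions zero-padded."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def is_unpatched(text):
    """True if this is the plugin at a version below PATCHED, False if patched,
    None if the file belongs to another plugin. A missing version counts as unpatched."""
    fields = parse_header(text)
    if fields.get("plugin name", "").lower() != PLUGIN_NAME.lower():
        return None
    version = fields.get("version")
    return True if not version else version_tuple(version) < PATCHED

def scan(plugins_dir):
    """Yield (path, version) for unpatched copies under a wp-content/plugins directory."""
    for php in Path(plugins_dir).glob("*/*.php"):
        text = php.read_text(errors="replace")
        if is_unpatched(text):
            yield php, parse_header(text).get("version", "unknown")

if __name__ == "__main__":
    for path, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"UNPATCHED {path} (version {version})")
```

Run it with the path to a site's `wp-content/plugins` directory as the only argument; any line it prints is a site that still needs the update.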