Shocking News About Popular Website Builder's Flaw is Being Exploited
Websites using a version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by hackers. The ThemeGrill Demo Importer plugin by ThemeGrill offers templates for website outlines. This WordPress plugin helps users import and manage ThemeGrill templates on their sites. The plugin has 200,000 active installations.
The flaw allows unauthenticated, remote hackers to execute some administrator functions without checking if they are an administrator. One such function is the capability to wipe the entire database of the vulnerable website, bringing it to its default state and clearing website databases of existing posts and user roles. A hacker could also be logged in as an administrator which would give them complete control over the website.
For a successful exploit, there must be a theme installed and activated on the affected websites that was published by ThemeGrill. Also needed is a user called "admin"in the website's database. After the plugin detects that a ThemeGrill theme is installed and activated, it has the capability to load files which interacts with the admin_init hook. A hook is used as a way for one piece of code to interact or modify another piece of code. Admin_init specifically is used to initialize settings specific to the administrator functions.
ThemeGrill released the new patched version of the plugin, version 1.6.2.. Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible. only the latest WordPress plugin to have a vulnerability. Last week, another popular WordPress plugin, GDPR Cookie Consent, issued fixes for a critical flaw, that if exploited, could enable hackers to modify content or inject malicious JavaScript code into victim websites.