ThemeGrill Demo Importer is a WordPress plugin with over 200,000 active installations. It lets a site owner import ThemeGrill's official themes together with their demo content, widgets and theme settings in a single click.
Versions 1.3.4 through 1.6.1 of the plugin contain a vulnerability that allows any unauthenticated visitor to reset the site's database to its default state. Once the reset completes, the attacker is automatically logged in as an administrator (specifically, as the account named "admin", if one exists).
With hundreds of thousands of businesses running WordPress, any site that uses the plugin is at risk of having its content wiped, its data deleted and its administrator access taken over.
The only precondition an attacker needs is that a theme published by ThemeGrill itself is installed and activated on the site. The flaw has existed for roughly three years, since version 1.3.4 of the plugin.
On a WordPress site running a ThemeGrill theme, the plugin loads a file that registers its reset_wizard_actions function as a WordPress action hook. That function performs the reset without checking that the request comes from a logged-in administrator, and the hook fires on requests that unauthenticated visitors can send, which is where the flaw lies.
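To make the bug class concrete, the following is an added illustration of the pattern the article describes, not the ThemeGrill Demo Importer's own code. The plugin name, every function prefixed `example_`, the `do_reset` query parameter and the nonce action name are assumptions for this example. The vulnerable handler hangs a destructive reset on the `admin_init` hook, which WordPress also fires for requests to wp-admin/admin-ajax.php from visitors who are not logged in, and gates it only on a query parameter; the hardened handler requires an administrator capability and a nonce before touching anything.

```php
<?php
/*
 * Added illustration of the vulnerability class described above.
 * This is NOT the ThemeGrill Demo Importer's code: the "example_" names,
 * the "do_reset" parameter and the "example_reset_wizard" nonce action
 * are assumptions chosen for this example.
 */

// Hypothetical reset routine: drops customizer settings and all content.
function example_reset_to_defaults() {
    remove_theme_mods();
    $ids = get_posts( array(
        'post_type'   => 'any',
        'post_status' => 'any',
        'numberposts' => -1,
        'fields'      => 'ids',
    ) );
    foreach ( $ids as $id ) {
        wp_delete_post( $id, true ); // force delete, bypassing the trash
    }
}

// VULNERABLE pattern: reachable by unauthenticated visitors because
// admin_init also runs for wp-admin/admin-ajax.php requests, and the only
// gate is a query parameter. No login, capability or nonce check, and the
// request carries nothing a signature-based firewall would flag.
function example_reset_wizard_actions_vulnerable() {
    if ( empty( $_GET['do_reset'] ) ) {
        return;
    }
    example_reset_to_defaults();
}
// add_action( 'admin_init', 'example_reset_wizard_actions_vulnerable' );

// HARDENED: require a logged-in administrator and a nonce bound to this
// action, so neither an anonymous request nor a CSRF'd admin triggers it.
function example_reset_wizard_actions_hardened() {
    if ( empty( $_GET['do_reset'] ) ) {
        return;
    }
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'Insufficient permissions.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }
    check_admin_referer( 'example_reset_wizard' ); // dies on a missing or invalid nonce
    example_reset_to_defaults();
    wp_safe_redirect( admin_url( 'themes.php?reset=done' ) );
    exit;
}
add_action( 'admin_init', 'example_reset_wizard_actions_hardened' );

// The admin-side link that carries the nonce the hardened handler verifies.
function example_reset_link() {
    return wp_nonce_url( admin_url( 'themes.php?do_reset=1' ), 'example_reset_wizard' );
}
```

With the hardened handler, an anonymous request to admin-ajax.php carrying only `do_reset=1` stops at the capability check with a 403, and even an authenticated administrator who is lured onto a crafted URL is stopped by `check_admin_referer`, where the vulnerable handler would have wiped the site on either request. A destructive action like this is also better bound to a POST form than to a GET parameter, so that links and prefetchers cannot trigger it.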
MyBroadband, citing WebARX, reports that the exploit requires no suspicious-looking payload such as malware or malicious code, so a firewall's default rules would not block it.
ThemeGrill released a patch, version 1.6.2, on 16 February. Users running an affected version are strongly advised to update immediately. Updating closes the hole but does not restore content on a site that has already been reset, so site owners should also check for unexplained resets and keep off-site backups.
Edited by Luis Monzon