200,000 WordPress sites at risk for a ThemeGrill plugin bug

Anyone who manages a WordPress website and uses the commercial templates made available by ThemeGrill should update one of the plugins that installed with these themes as soon as possible to solve a dangerous bug that could allow an attacker to compromise the site by deleting its contents.

The vulnerability lies in the ThemeGrill Demo Importer plugin, which delivers the themes sold by ThemeGrill, a web development company that sells commercial WordPress themes. The plugin is installed on over 200 thousand websites. It allows the site manager to import demonstration content into the ThemeGrill templates so that he can view examples and have a starting point from which to start building his websites.

The WebARX company, which specifically deals with security for WordPress, has published a report in which it reports that old versions of ThemeGrill Demo Importer are vulnerable to remote attacks by unauthenticated attackers. Hackers can remotely send a properly assembled payload to vulnerable sites to trigger a function within the plugin.

This function resets the site database, completely eliminating the contents for everyone: WordPress sites where there is an active ThemeGrill template, and with the vulnerable plugin installed are at risk. Also, if the site database contains a user named Admin, the attacker can gain access to that user with administrator privileges for the whole site.

The vulnerability affects versions of ThemeGrill Demo Importer from 1.3.4 through 1.6.1. Theme Grill solved the problem and released an updated version of the plugin 1.6.2, over the weekend.

This is the second WordPress bug discovered this year and, which can allow the attacker to delete the site’s databases. Last month, Wordfence discovered a similar problem in the WP Database Reset plugin, installed on over 80 thousand websites. You can deepen the topic at the news Serious flaws for three WordPress plugins: 400 thousand sites at risk.