Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin.
The ThemeGrill Demo Importer plugin is owned by ThemeGrill, which sells various website templates. The WordPress plugin helps users import and manage ThemeGrill templates on their sites. As of last week, the plugin had 200,000 active installations. According to WebARX, which discovered the flaw, that number had dipped to 100,000 installs as of Tuesday. It is unclear at this time what accounts for the drop in the number of installs.
Researchers disclosed a flaw in the plugin this week that allows unauthenticated, remote attackers to execute certain administrator functions, because the plugin does not check whether the requester is actually an administrator. One such function wipes the entire database of the vulnerable website, returning it to its default state and clearing existing posts and user roles. After carrying out this action, the attacker is also logged in as an administrator, giving them complete control over the website.
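The bug class described above is a privileged action reachable from a WordPress admin hook with no authorization check in front of it. The following PHP is an added illustration, not ThemeGrill's code or anything taken from the plugin: a generic handler hooked to `admin_init` that performs a state change on a query parameter, shown next to the hardened form a plugin developer should ship. The `acme_` function names, the option name and the nonce action are assumptions made for the example.

```php
<?php
/**
 * Added illustration of a missing-authorization bug in a WordPress plugin
 * and its fix. Not ThemeGrill's code; all 'acme_' names, the option key
 * 'acme_demo_state' and the nonce action 'acme_reset' are assumptions.
 */

// INSECURE PATTERN. The 'admin_init' action fires on every request that
// loads wp-admin/admin.php, which includes wp-admin/admin-ajax.php, a URL
// that unauthenticated visitors can reach. Nothing here checks who is
// making the request or whether it was intended, so any visitor can
// trigger the privileged change.
function acme_insecure_reset_handler() {
    if ( isset( $_GET['do_reset_wizard'] ) && 'true' === $_GET['do_reset_wizard'] ) {
        update_option( 'acme_demo_state', 'reset' ); // privileged state change
    }
}
// add_action( 'admin_init', 'acme_insecure_reset_handler' ); // kept unhooked

// HARDENED PATTERN. Three checks before the privileged change:
//   1. capability  - the current user is allowed to manage the site
//   2. nonce       - the request carries a token issued to this user's session
//   3. HTTP method - state changes only over POST, never via a crafted link
function acme_secure_reset_handler() {
    if ( ! isset( $_POST['acme_reset'] ) ) {
        return; // not our form submission
    }

    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( esc_html__( 'Invalid request method.', 'acme' ), '', array( 'response' => 405 ) );
    }

    // Authorization: 'manage_options' is granted to administrators only.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to perform this action.', 'acme' ), '', array( 'response' => 403 ) );
    }

    // Intent: verify the nonce emitted by acme_render_reset_form() below.
    $nonce = isset( $_POST['_acme_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_acme_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'acme_reset' ) ) {
        wp_die( esc_html__( 'Security check failed.', 'acme' ), '', array( 'response' => 403 ) );
    }

    update_option( 'acme_demo_state', 'reset' ); // only reached by an authorized, intended request

    wp_safe_redirect( add_query_arg( 'acme_reset_done', '1', admin_url( 'admin.php?page=acme-demo' ) ) );
    exit;
}
add_action( 'admin_init', 'acme_secure_reset_handler' );

// Settings-page form that issues the nonce the handler verifies. The nonce is
// tied to the logged-in user's session and to the 'acme_reset' action, so a
// token cannot be reused by another visitor or for another action.
function acme_render_reset_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // do not even show the control to non-admins
    }
    echo '<form method="post" action="">';
    wp_nonce_field( 'acme_reset', '_acme_nonce' );
    echo '<input type="hidden" name="acme_reset" value="1" />';
    submit_button( esc_html__( 'Reset demo content', 'acme' ), 'delete' );
    echo '</form>';
}
```

The defender's takeaway is that a hook name like `admin_init` does not imply an authenticated administrator; every handler that changes state must check `current_user_can()` and a nonce itself, and the action should be gated to POST so it cannot be triggered by a link. For detection, web server logs showing GET requests to `wp-admin/admin-ajax.php` or `wp-admin/admin.php` with a plugin's reset or import parameters from unauthenticated sources are the pattern to alert on.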
Versions 1.3.4 through 1.6.1 are affected by this flaw. According to the WordPress plugin repository, versions 1.4, 1.5 and 1.6 make up 98.6 percent of active versions of the plugin. Researchers say that the issue has existed in the plugin's code for about three years (since version 1.3.4).