Brutal WordPress plugin bug allows subscribers to wipe sites

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites.

The plugin in question, known as Hashthemes Demo Importer, is designed to help admins import demos for WordPress themes with a single, without dealing with installing any dependencies.

The security bug would allow authenticated attackers to reset WordPress sites and delete almost all database content and uploaded media.

Wordfence QA engineer and threat analyst Ram Gall explained that the plugin failed to properly perform…

More Info


Check Also

Why do you need Themesinfo WordPress theme detector?

When you are taking steps to build your websites, there are specific modern tools available. …

Leave a Reply

Your email address will not be published. Required fields are marked *