Brutal WordPress plugin bug allows subscribers to wipe sites

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites.

The plugin in question, known as Hashthemes Demo Importer, is designed to help admins import demos for WordPress themes with a single, without dealing with installing any dependencies.

The security bug would allow authenticated attackers to reset WordPress sites and delete almost all database content and uploaded media.

Wordfence QA engineer and threat analyst Ram Gall explained that the plugin failed to properly perform…


More Info

About mblog.my

Check Also

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Using WordPress blocks and the Site Editor to quickly build a lookalike of one of …

Leave a Reply

Your email address will not be published. Required fields are marked *