Brutal WordPress plugin bug allows subscribers to wipe sites

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites.

The plugin in question, known as Hashthemes Demo Importer, is designed to help admins import demos for WordPress themes with a single, without dealing with installing any dependencies.

The security bug would allow authenticated attackers to reset WordPress sites and delete almost all database content and uploaded media.

Wordfence QA engineer and threat analyst Ram Gall explained that the plugin failed to properly perform…


More Info

About mblog.my

Check Also

AVCOG hosts free WordPress 101 webinar

AUBURN — The Androscoggin Valley Council of Governments is presenting the free webinar Website Development …

Leave a Reply

Your email address will not be published. Required fields are marked *