Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

From thehackernews.com

wordpress hacking theme

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.

The vulnerable plugin in question is ‘ThemeGrill Demo Importer‘ that comes with free as well as premium themes sold by the software development company ThemeGrill.

ThemeGrill Demo Importer plugin has been designed to allow WordPress site admins to import demo content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme.

Read more…