Request Media Kit

100,000 WordPress Sites Vulnerable To Being Wiped

To make matters worse, this vulnerability is being actively exploited. WebARX has already stopped over 16,000 attacks attempting to exploit the plugin....
100,000 WordPress Sites Vulnerable To Being Wiped
Written by Matt Milano
  • A security issue in a popular WordPress plugin has left some 100,000 websites vulnerable to being completely wiped.

    Security firm WebARX discovered a flaw in the ThemeGrill Demo Importer plugin. The plugin imports other plugins developed by ThemeGrill. When WebARX first discovered the flaw, some 200,000 websites had the plugin installed, although that number has now dropped to 100,000. This is likely due to companies uninstalling the plugin to mitigate the risk.

    To make matters worse, this vulnerability is being actively exploited. WebARX has already stopped over 16,000 attacks attempting to exploit the plugin.

    “This is a serious vulnerability and can cause a significant amount of damage,” writes WebARX. “Since it requires no suspicious-looking payload just like our previous finding in InfiniteWP, it is not expected for any firewall to block this by default and a special rule needs to be created to block this vulnerability.”

    ThemeGrill has updated the plugin to fix the vulnerability. All impacted sites would install the new version immediately.

    Get the WebProNews newsletter
    delivered to your inbox

    Get the free daily newsletter read by decision makers

    Subscribe
    Advertise with Us

    Ready to get started?

    Get our media kit