Plugin flaw leaves up to 200,000 WordPress sites at risk of attack

Tomas Foltyn, Security Writer at ESET
Tomas Foltyn, Security Writer at ESET.
5 years ago

A popular WordPress theme plugin that’s installed on some 200,000 websites has been found to contain a serious vulnerability that, if abused, could allow remote attackers to wipe the sites and gain admin access to them.

Discovered by website security outfit WebARX, the security flaw affects the ThemeGrill Demo Importer plugin, which comes installed with site themes designed by web development company ThemeGrill. WordPress website admins can use the plugin to import demo content, widgets and settings and easily customise their site’s theme.

For three years, however, the plugin suffered from a security hole that left the sites open to remote attacks. In versions 1.3.4 up to 1.6.1, “there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator,” reads the report.

“In order to be automatically logged in as an administrator, there must be a user called ‘admin’ in the database. Regardless of this condition, the database will still be wiped to its default state,” said the researchers. The exploit only works if the plugin is activated.

Either way, the firm stressed that the exploit doesn’t require any suspicious-looking payload, similar to the exploit abusing a critical vulnerability in the InfiniteWP Client and WP Time Capsule plugins that was disclosed Six weeks ago.

WebARX said that it discovered and reported the latest security hole to the tool’s developer on February 6. The fix was eventually supplied with the plugin’s version 1.6.2 on February 15. As a result, users are advised to ensure that they run either this version or version 1.6.3, which was rolled out earlier.

WordPress in attackers’ crosshairs

WordPress security should be high on the agenda of any website owner using the web publishing software. According to W3Techs, WordPress powers more than 35% of all websites, and its popularity is partly thanks to thousands of available official plugins that extend the sites’ functionalities.

On the other hand, the platform’s success can also turn all those sites into juicy targets for cybercriminals, and out-of-date plugins and themes often increase the attack surface of WordPress installations. Besides updating the core software, then, the importance of also keeping plugins up-to-date and ditching abandoned and no-longer-needed plugins cannot be overstated.

In addition, since many hacks originate from compromised login credentials, make sure your password or passphrase is strong and unique and that, wherever available, you use two-factor authentication for extra security.

Don't Miss

ESET Named Strategic Leader in EPR Comparative Report 2024

ESET has been rigorously tested and named a Strategic Leader in the AV-Comparatives

ESET Research discovers NGate: Android malware, which relays NFC traffic to steal victim’s cash from ATMs

ESET researchers discovered a crimeware campaign targeting clients of three Czech banks