Posted on February 18, 2020 at 1:38 PM
A recent report by WebARX Security Firm revealed that a widely used WordPress theme plugin with more than 200,000 installations is believed to be vulnerable to exploitation. According to the findings, its vulnerability is easy to exploit, and if not patched on time, could encourage remote attackers to compromise different blogs and websites that use the plugin.
The report revealed that ThemeGrill Demo Importer” is the name of the vulnerable plugin that could be prone to attack. The WordPress plugin has both paid and free themes sold by the software development firm ThemeGrill.
The main function of the plugin is to help admins of WordPress sites import settings, widgets, and demo contents from ThemeGrill, which makes it a bit easier to customize the theme.
WebARX shared the report and stated that when a user installs and activates the ThemeGrill, some functions at the affected plugin are automatically executed. Upon execution, it gives administrative privileges without verifying whether the user running the code is the admin or is authenticated to execute such codes.
Vulnerability a very serious one
Based on the report of WebARX, the vulnerability of the plugin is a very serious one, as it can cause a whole lot of damage to site and blog owners that have installed the affected plugin in their site.
Since it does not need any suspicious-looking payload, a firewall may not be able to prevent the vulnerability by default. The worst part is the fact that there is no specific order designed to automatically block the vulnerability. This leaves the plugin at a very high risk of exploitation, which could be devastating.
Vulnerability is an open invitation to hackers
According to the security firm, the vulnerability could open a backdoor for unauthorized remote attackers to completely wipe the whole database of blogs or websites to its default state, rendering the enormous efforts of the site owner useless.
After wiping the data from the site, the hackers would be able to log in as the site’s administrator, which will give them complete control over the site.
WebARX warns that the vulnerability could make an unauthorized intruder have complete control of the site with all the privileges of the site administrator. The security team also said that the vulnerability affects the ThemeGrill Demo Importer from versions 1.3.4 to versions 1.5.1, which were all released within the past three years.
As a cyber-security firm, WebARX detects vulnerabilities and offers software patching services to defend websites against unauthorized component attacks. The firm sent its discoveries on the vulnerability to the developers of ThemeGrill two weeks ago. However, ThemeGrill Developers responded two days ago with the release of a patch to the vulnerability.
If a WordPress plugin is running out of date or seriously facing vulnerability issues, the WordPress dashboard usually sends notifications automatically to the admin. However, if you don’t want to wait for manual updates on plugins, you can decide to have them automatically updated. The automatic option is a more secure and safer way of keeping sites protected.
WordPress plugins still facing vulnerability issues
This is not the first time security researchers have discovered vulnerabilities in WordPress theme plugin. And it’s unlikely going to be the last. There has been both smaller and higher scale of plugin vulnerabilities reported by cyber-security outfits since the beginning of the year. Some hackers have even taken advantage of some cases to infiltrate and attack sites.
For instance, last month, about 2,000 WordPress sites were hacked as a result of vulnerabilities in WordPress plugins. The attackers fueled a campaign and redirected the affected sites’ visitors to scam sites containing fake adobe flash downloads, giveaways, fake surveys, and unwanted browser notifications.
Sucuri, the cyber-security firm that detected the attack, reported that some of the exploited vulnerable plugins were the “Single Fields” plugins and the “CP contact form with PayPal. However, the security outfit said other plugins could also be vulnerable.
There have been other reports of vulnerabilities of WordPress theme plugins. Security experts are advising that users should prevent hackers from gaining control of their sites by automatically updating their plugins.