Security is something a lot of people take for granted nowadays. Everyone has grown accustomed that someone else will do the job, someone out there with a magic wand is taking care of things for you.
It’s true, there are a lot of people working night and day to provide security patches to software that would otherwise harm you, but most people *sigh* when they see a new Update!
This week alone we had a couple of major news concerning hundreds of thousands of websites and also thousands of Windows 10 users. We knew about the Windows 10 update that was causing a major problem having their users Windows cleaned out, which basically wipes all the data from your hard drive and you are left with a clean installation of Windows 10 without a single Notepad file left to console you in the darkness. This week after some time, Microsoft finally acknowledged the issue with the newest update.
But that was not all, yesterday (18th February 2020) reports started coming out that one of the most popular theme shops for WordPress and their Demo Importer tool (plugin) had a serious security issue.
At the time more than 200.000 active installations of the plugin ThemeGrill Demo Importer according to WebARX, we can see that now the plugin has 100.000+ installations which means that the message about the vulnerability got out fast and prevented some serious consequences for a lot of people.
The version of the plugin from 1.3.4 until 1.6.1 has a vulnerability that allows allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator. The prerequisite is that there must be a theme installed and activated that was published by ThemeGrill. In order to be automatically logged in as an administrator, there must be a user called “admin” in the database. Regardless of this condition, the database will still be wiped to its default state. Based on the SVN commit history, this issue has existed in the code for roughly 3 years, since version 1.3.4.
WebARX are the one that reported this issue to the Plugin Developers and the issue was dealt with. WebARX has blocked over 16,000 attacks against this vulnerability since 16th of February. They even have a list of IP addresses currently exploiting this vulnerability with 100 or more attacks blocked.
You can find a list of potential security issues with WordPress plugins right here. It’s good to check from time to time, and even follow us as we will notify and report any Major Security Issues that might come to light.