Are your websites too affected by ThemeGrill WordPress Vulnerability? Here is the fix!

Here, hackers make use of the vulnerable ThemeGrill plugin to execute unauthorized actions as an admin user.

At Bobcares, we patch up servers against known vulnerability, as a part of our Server Management Services.

Today, let’s see how our Support Engineers deal with this new WordPress vulnerability.

A quick look on ThemeGrill Demo Importer plugin

Before jumping into the details, let’s get an idea on ThemeGrill Demo Importer plugin.

Basically, it is a WordPress plugin that allows site admins to easily import demo content, widgets, and settings from ThemeGrill.

Additionally, this plugin comes with some free and premium themes provide by ThemeGrill company.

Today, let’s see how this plugin is opening the door for the hackers to enter into WordPress sites.

What is this ThemeGrill WordPress Vulnerability?

On February 17, 2020, a critical bug was reported with ThemeGrill Demo Importer plugin. This allows the affected plugin to execute some functions with administrative privileges on the WordPress website.

Here, they do this without checking whether the code is executing by an authenticated user or an admin.

And, the attacker uses this key to enter the site and wipes the entire database of the website. As a result, the website suddenly disappears and shows up the default WordPress index page.

Is my WordPress website under risk?

That raises the question of whether my WordPress falls under the risk.

Yes, if you have ‘ThemeGrill Demo Importer plugin’ installed and activated in your WordPress.

According to the report released, this vulnerability affects ThemeGrill Demo Importer plugin version 1.3.4 up to 1.6.1.

The fix for ThemeGrill vulnerability

It’s now time to see the fix for ThemeGrill vulnerability.

In our Support Management Helpdesk, we received reports from customers that their sites disappeared suddenly and replaced with the default “Hello world” post page.

Hence, we checked this from the Dashboard >> Plugins >> Active, we found that all the affected sites have ThemeGrill Demo Importer plugin activated.

Consequently, hackers succeeded in making use of the exploit.

To bring back the website online, we disabled the affected plugin and restored the websites of customers from the backup.

As per the latest update of the ThemeGrill team, they patched up the vulnerability in version 1.6.3. Therefore, for customers who require the plugin, we help them in upgrading it.

Most importantly, such plugin vulnerabilities are quite common in popular applications like WordPress. That is why our Dedicated Engineers always do periodic WordPress updates, maintain regular backups, etc. in our managed servers.

[Clueless about the WordPress vulnerability status of your websites? Our experts can help you.]

Conclusion

In short, we can resolve this WordPress vulnerability by updating the ThemeGrill Demo Importer plugin and restoring the site from the backup. And our Support Engineers proactively maintain website backups to deal with emergencies.