200,000 Wordpress Sites Vulnerable due to ThemeGrill Demo Importer

If you have a Wordpress website, you might want to pay attention to this blog. Flaws have been found in one of Wordpress’ most widely used plug-ins, the ThemeGrill Demo Importer, which has over 200,000 installs. The functionality of the plug-in allows uneducated website design users to design stunning looking websites via their selection of thousands of different templates, similar to wix.com.

The vulnerability lies within the ThemeGrill Demo Importer plug-in which allows hackers to reset the entire database and essentially leaves users with the standard ‘hello world’ message when they load up their site. The vulnerability only lies within versions 1.3.4 and above to 1.6.1 and below. It allows for unauthenticated users to access and wipe entire databases to its default state (hence the ‘hello world’ message that many users have found). At this point, the user will be automatically logged in as an administrator and have access to the site.

If you have been affected by the issue, or you suspect that you are vulnerable to an attack you simply must uninstall the ThemeGrill Demo Import plug-in. Updating it is simply not an option, though the developers have released a patch.

Here you can see the active install growth charted, since the attack the plug-in has clearly been uninstalled by multiple users.

It’s attacks like this that have to make us question the security or the vulnerability of having a website in Wordpress going forward. It’s often considered safe due to its large user adoption however is this necessarily true?

We have never been, and never will be fans of the Wordpress CMS and that’s simply due to the fact that it needs to be frequently updated, it relies heavily on plug-ins in order for any customisation to occur and obviously it’s vulnerability to such attacks. This is why we are advocates of CraftCMS and OpenCart which to date we have not suffered any issues like the one multiple businesses have faced this weekend.