Vulnerability in WordPress plug-in allows hackers to wipe up to 200,000 websites

One year ago (2023-11-30) Chief Editor

Webmaster's Home (ChinaZ.com), February 18: Users of WordPress sites that run the commercial themes sold by ThemeGrill should take note. We suggest that you update a plug-in installed with these themes as soon as possible to fix a critical vulnerability that allows attackers to wipe websites.

The vulnerability lies in ThemeGrill Demo Importer, a plug-in that ships with the commercial WordPress themes sold by ThemeGrill, a web development company.

The plug-in is installed on more than 200,000 websites. It lets website owners import demo content into their ThemeGrill theme so that they can build their own sites from the examples.

However, in a report released yesterday, WordPress security company WebARX said that older versions of ThemeGrill Demo Importer are vulnerable to remote attacks by unauthenticated attackers. Remote hackers can send specially crafted payloads to vulnerable websites and trigger internal functions of the plug-in.

The vulnerable function resets the content of the site to zero, effectively wiping the content of every WordPress site where a ThemeGrill theme is active and the vulnerable plug-in is installed.

In addition, if the site's database contains a user named "admin", the attacker is granted access to that account, which has full administrator privileges on the site.

WebARX says the vulnerability affects all versions of the ThemeGrill Demo Importer plug-in from 1.3.4 to 1.6.1. ThemeGrill, the plug-in developer, has fixed the vulnerability and released version 1.6.2. (zdnet)
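For site owners triaging many installs, the conditions described above (affected version range, active ThemeGrill theme, presence of an "admin" user) can be checked from inventory data. The following is an added example, not code from the article, WebARX or ThemeGrill; the function names are hypothetical, and it assumes the plug-in's main PHP file text, the theme status and the list of user logins have already been collected per site.

```python
import re

# Affected range as reported in the article: 1.3.4 through 1.6.1 (fixed in 1.6.2).
FIRST_AFFECTED = (1, 3, 4)
LAST_AFFECTED = (1, 6, 1)

def parse_version(text):
    """Turn '1.5' or '1.6.1' into a comparable 3-tuple, padding with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def header_version(plugin_php):
    """Read the 'Version:' field from a WordPress plug-in header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", plugin_php, re.M | re.I)
    return parse_version(m.group(1)) if m else None

def triage(plugin_php, themegrill_theme_active, user_logins):
    """Classify one site from inventory data gathered elsewhere (assumed inputs)."""
    version = header_version(plugin_php)
    if version is None:
        return "unknown: no Version header found, inspect manually"
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "ok: version outside the affected range"
    if not themegrill_theme_active:
        return "update: affected version installed, no ThemeGrill theme active"
    if "admin" in user_logins:
        return "urgent: content wipe and takeover of the 'admin' account possible"
    return "urgent: content wipe possible"

# Constructed sample input: a plug-in header as it would appear in the main PHP file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: ThemeGrill Demo Importer
 * Version: 1.6.1
 */
"""

if __name__ == "__main__":
    print(triage(SAMPLE_HEADER, True, ["admin", "editor1"]))
```

Sites classified as "update" still carry the vulnerable code and should move to 1.6.2 as well.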

This article was written by Chief Editor and published on Software Development of Little Turkey. Please indicate the source when reprinting: //hongchengtech.cn/blog/1208.html