Severe security flaw discovered in a WP plugin: do you use WordPress?
Are you a WordPress user?
If so, you need to be aware of a security flaw found in the Hashthemes Demo Importer plugin. This plugin is used by thousands of websites, and the flaw can let authenticated attackers reset and wipe vulnerable websites. The vulnerability alert came to our attention via our security team, who have already notified the developer about it (as well as other development agencies). However, there’s no word on when or if a patch will be released for this issue, so we recommend that all users remove this plugin from their sites immediately until further notice.
The plugin has over 100,000 active installs on the official WordPress plugin directory alone. We’re not sure how many people are using this plugin outside of that platform, but if you use it at all, we recommend disabling it immediately until the issue is resolved.
Our team and others say that this particular exploit could allow an attacker to gain full access to your site, including deleting everything from files to databases and even installing malware or ransomware without leaving any trace behind!
The plugin in question is designed to help admins import demos for WordPress themes with a single click.
We know how important your website is to you, which is why we want to make sure that your site stays safe at all times. That’s why our team has created an easy-to-use platform where anyone can keep their own website secure without having any coding knowledge whatsoever. Our platform comes with everything you could ever need including direct access to a dedicated WordPress developer, cloud hosting with uptime monitoring, 24/7 support, SEO reports, and much more!