Security News > 2020 > February > WordPress Websites Hacked via Vulnerabilities in Two Themes Plugins
Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites.
Just days after the existence of the flaw was made public, ThemeGrill customers started reporting that the security hole had apparently been exploited to hack their websites.
Hackers have also started exploiting a critical vulnerability in the ThemeREX Addons plugin to take control of WordPress websites.
According to WordPress security firm Defiant, the plugin, which provides theme management features and is installed on roughly 44,000 websites, is affected by a vulnerability that allows an unauthenticated attacker to execute arbitrary code and create rogue admin accounts for a website.
ThemeREX has yet to release a patch for the vulnerability and users have been advised to either remove the plugin or use third-party security solutions to protect their WordPress websites against attacks.