Security News

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin
2020-02-18 17:27

Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin. This WordPress plugin helps users import and manage ThemeGrill templates on their sites.

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
2020-02-17 21:15

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer', which comes with free as well as premium themes sold by the software development company ThemeGrill.

Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin
2020-02-17 15:44

A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website's database and gain administrator access to the site. ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes.

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom
2020-02-17 14:46

A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites. The bug in Profile Builder was given a CVSS score of 10.0 by WordPress security biz Wordfence, though precise details of the bug are not yet available on the usual CVE-tracking websites.

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
2020-02-17 13:15

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer', which comes with free as well as premium themes sold by the software development company ThemeGrill.

Critical WordPress Plugin Bug Afflicts 700K Sites
2020-02-13 20:21

A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation, has issued fixes for a critical flaw. The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with the EU's privacy regulation, has more than 700,000 active installations - making it a ripe target for attackers.

200K WordPress Sites Vulnerable to Plugin Flaw
2020-01-30 21:49

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites.

Flaw in 'Code Snippets' Plugin Exposed Many WordPress Sites to Attacks
2020-01-30 16:23

Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites. The Code Snippets plugin, which has over 200,000 installations, provides admins with a graphical interface to run PHP code on their WordPress-powered websites by removing the need to add custom snippets to the theme's functions.

Update now! Popular WordPress plugins have password bypass flaws
2020-01-16 13:47

Researchers have discovered password bypass vulnerabilities affecting two WordPress plugins from a publisher called Revmakx. The first vulnerable plugin is Revmakx's InfiniteWP Client, a tool that allows admins to manage multiple WordPress sites from the same interface.

Critical WordPress Bug Leaves 320,000 Sites Open to Attack
2020-01-15 21:19

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site's backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers from WebArx who created proof-of-concept attacks to exploit the vulnerability.