Tenable Blog

ThemeGrill Demo Importer Vulnerability Actively Exploited in the Wild

February 18, 2020 • 2 Min Read
by Ryan Seguin
Blog Home / Cyber Exposure Alerts

Severe vulnerability in ThemeGrill Demo Importer WordPress plugin is being actively exploited in the wild. Users should upgrade to version 1.6.3 ASAP.

Hintergrund

The ThemeGrill Demo Importer WordPress plugin allows users to import ThemeGrill theme demos in one click. Versions 1.3.4 to 1.6.2 are vulnerable to a remote unauthenticated database wipe and authorization bypass vulnerability. Users are encouraged to upgrade to version 1.6.3 as active attacks have been reported in the wild against users on 1.6.2 and below.

Analyse

On February 15, WebARX disclosed a vulnerability in the ThemeGrill Demo Importer for WordPress, which could allow an unauthenticated, remote attacker to execute administrator functions, including reverting all the site’s settings back to their default configuration and wiping all the database tables.

To exploit this vulnerability, a ThemeGrill theme must be installed and activated on a site. If there is an administrative user with the username ‘admin,’ then an attacker will also be automatically logged in as ‘admin’ after the site is wiped.

Proof-of-Concept

There is no public proof of concept (PoC) available at this time, but attacks have been reported by WebARX, and a list of known malicious IPs can be found at the bottom of the WebARX disclosure page.

Reaktion des Anbieters

On February 16, ThemeGrill released 1.6.2 to address this vulnerability. However, ThemeGrill released version 1.6.3 on February 18 to address issues with the initial fix. Version 1.6.3 removes the automatic invocation of a full reset, and instead directs the user to the plugin’s reset wizard. This comes after reports that users on version 1.6.2 were still being exploited.

ThemeGrill Plugin

Lösung

At the time of publication, there is no known effective workaround that would not disrupt functionality of the plugin. Users are encouraged to upgrade to version 1.6.3 of the plugin for mitigation.

Identifizieren betroffener Systeme

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Weitere Informationen

Verfolgen Sie die Beiträge des Security Response Team von Tenable in der Tenable Community.

Erfahren Sie mehr über Tenable, die erste Cyber Exposure-Plattform für die ganzheitliche Verwaltung Ihrer modernen Angriffsoberfläche.

Testen Sie Tenable.io Vulnerability Management 30 Tage kostenlos.

Ryan Seguin

Ryan joined Tenable in 2013 as a customer support engineer assisting customers with technical troubleshooting and product education. After that, he helped create dashboard and report templates for SecurityCenter that users can download through the Tenable.sc feed. Now Ryan is a member of the Security Response team, informing customers of the latest security threats, and providing in-depth analytics for today’s most critical vulnerabilities.

Interests outside of work: Ryan is a retro video game console/arcade hardware enthusiast and modder, and he is also studying Japanese and hopes to one day be fluent.

Exposure-Management-Plattform Tenable One

Plattform-Kategorien

Plattform-Funktionen

Cloud Exposure

Schwachstellen-Exposure

OT/IoT-Exposure

Identity-Risiken

Geschäftsanforderungen

Branche

Compliance

Öffentlicher Sektor

Ressourcen

Forschung

Partner suchen

Tenable Assure-Partner

Technologie-Partner

Support

Services

Tenable Trust

Über uns

Werden Sie Teil unseres Teams

Warum Tenable?

Medien

Verbindungen

Tenable Blog