Researchers have helped patch a high-severity security vulnerability in a popular WordPress plugin that could be exploited to wipe out and completely reset any vulnerable WordPress website.
The vulnerability is located in the Hashthemes Demo Importer plugin, which claims over 8,000 active installations and is intended to let administrators import demos for WordPress themes with one click.
The vulnerability allows any authenticated attacker, even a subscriber-level user with minimal capabilities, to reset a WordPress site by deleting virtually all of its database content and uploaded media.
According to Gall, the vulnerability exists because the Hashthemes Demo Importer plugin failed to perform proper capability checks for many of its AJAX actions.
“Although it performed a nonce check, the AJAX nonce was visible in the admin dashboard to all users, including low-privileged users such as subscribers. The most serious consequence of this was that a subscriber-level user could reset all of the content on a given site,” Gall noted.
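The flaw described above is a classic authorization gap: a WordPress nonce only proves that the request originated from a page that rendered the nonce, so if that page is the general admin dashboard, every logged-in user can obtain it. The following PHP is an added example written for this article, not code from the Hashthemes Demo Importer plugin; the action name, nonce name, page hook and the `demo_importer_wipe_site()` routine are assumptions. It places the nonce-only handler beside a hardened version that also requires a capability and only emits the nonce to users who hold it.

```php
<?php
// Added example (not the plugin's own code). Assumes a WordPress environment and a
// hypothetical destructive routine demo_importer_wipe_site() defined elsewhere.

// VULNERABLE PATTERN: check_ajax_referer() defends against CSRF, but the nonce is
// readable by anyone who can load the page that prints it. If that is the admin
// dashboard, a subscriber-level user can call this action and wipe the site.
function demo_importer_reset_ajax_unsafe() {
    check_ajax_referer( 'demo_importer_nonce', 'nonce' ); // CSRF protection only
    demo_importer_wipe_site();                            // runs for ANY logged-in user
    wp_send_json_success();
}

// HARDENED: authorization (capability) check in addition to the nonce. A destructive
// action should require a high-privilege capability such as manage_options.
function demo_importer_reset_ajax() {
    check_ajax_referer( 'demo_importer_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        // Reject low-privileged callers before any state changes; 403 makes the
        // denial visible in web server logs for detection.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    demo_importer_wipe_site();
    wp_send_json_success();
}
// Only the hardened handler is registered for the AJAX action.
add_action( 'wp_ajax_demo_importer_reset', 'demo_importer_reset_ajax' );

// Defence in depth: emit the nonce only on the plugin's own admin page and only to
// users who hold the capability, rather than on every dashboard screen.
function demo_importer_enqueue( $hook_suffix ) {
    if ( 'toplevel_page_demo-importer' !== $hook_suffix || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    wp_enqueue_script( 'demo-importer', plugins_url( 'js/demo-importer.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-importer', 'demoImporter', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_importer_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'demo_importer_enqueue' );
```

The design point is that `check_ajax_referer()` and `current_user_can()` answer different questions (did this request come from my page, and is this user allowed to do this), and both are needed on every `wp_ajax_*` handler that changes state; restricting where the nonce is printed reduces exposure but is not a substitute for the capability check.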
According to Gall, if the vulnerability were exploited, a website using the vulnerable plugin would be completely unrecoverable unless its owners had properly backed it up.
The researchers said they first reported the issue to the plugin developer but received no response.
They then emailed the WordPress plugins team, who removed the plugin from the plugin repository pending a review.
However, while the plugin developer released a corrected version a few days later, Gall notes that the changelog for the new version did not mention the fix.