Cybersecurity has been in the spotlight for some years now. After many cases that proved how fragile it is, it is clear that anyone can be vulnerable to attackers. Often it is software bugs that create security vulnerabilities, and attackers exploit these bugs. Another such case has come up, this time leaving WordPress websites vulnerable to criminals. A bug allowed attackers to cause trouble for WordPress sites, and a large number of sites were affected. Those affected could even lose access to their WordPress site.
This is a WordPress plugin vulnerability that attackers are widely exploiting, and the number of sites attacked is also huge. 100,000 WordPress sites have been reported so far as having the ThemeGrill Demo Importer plugin installed. The plugin is the flawed component that causes the vulnerability and makes it possible for attackers to tamper with sites. The bug is being actively exploited, and 17,000 such attacks have been blocked so far, which makes it hard to estimate the number of victims. The worst that can happen to victims is that the attacker deletes their site.
The ThemeGrill Demo Importer plugin was the source, and every site that had it installed was vulnerable to attack. With this vulnerability, attackers can potentially take over a website after wiping all of its data. This account takeover is possible only on websites that have an account named ‘admin’. Once the attacker has wiped all data, they automatically get access to the website as an admin and the website is compromised. If there is no admin account, the attackers cannot take over the site and can only wipe its data, which does not benefit them.