CVE-2021-39333

Name of the Vulnerable Software and Affected Versions: Hashthemes Demo Importer Plugin versions 1.1.1 and earlier

Description: The issue allows logged-in users to execute a function that truncates nearly all database tables and removes the contents of wp-content/uploads, due to several AJAX functions relying on a nonce visible to all logged-in users for access control.

Recommendations: For Hashthemes Demo Importer Plugin versions 1.1.1 and earlier, consider disabling the AJAX functions that rely on the visible nonce until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.