PT-2024-10847 · WordPress · Themegrill-Demo-Importer

Dave Jong · Published 2024-10-15 · Updated 2024-10-21 · CVE-2020-36837

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ThemeGrill Demo Importer plugin for WordPress, versions 1.3.4 through 1.6.1

Description: The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset wizard actions function. This makes it possible for authenticated attackers to reset the WordPress database. If there is a user named 'admin', the attacker is automatically logged in as an administrator.

Recommendations: For versions 1.3.4 through 1.6.1, update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the reset wizard actions function until a patch is available. Avoid using the plugin until the issue is resolved.
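The root cause named above is a capability check that is absent, so being logged in at all is enough to reach a destructive action. The following is an added, hypothetical illustration of that bug class and its fix; it is not the ThemeGrill plugin's code, and every function and parameter name in it (demo_reset_wizard_actions_*, demo_reset_site, the demo_reset_wizard query parameter and nonce action) is invented for the example. It shows why is_user_logged_in() alone is authentication rather than authorization, and what the hardened handler looks like: a capability check plus a nonce before any destructive work runs.

```php
<?php
/**
 * Hypothetical illustration of a CWE-862 "missing authorization" pattern
 * in a WordPress admin action handler, and the corresponding fix.
 * Not the ThemeGrill plugin's code; all names are assumptions.
 */

// Placeholder for the destructive operation the handler protects. In a real
// plugin this would reinstall the database; here it only fires a hook so the
// example stays side-effect free.
function demo_reset_site() {
    do_action( 'demo_site_was_reset' );
}

// VULNERABLE PATTERN: the only gate is "is someone logged in?". That is
// authentication, not authorization: a subscriber-level account passes it,
// and admin_init runs on every admin-ajax.php and wp-admin request, so any
// authenticated user can reach this code path.
function demo_reset_wizard_actions_vulnerable() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    if ( isset( $_GET['demo_reset_wizard'] ) ) {
        demo_reset_site();
    }
}

// FIXED PATTERN: require the capability the action actually needs
// (manage_options is what site administrators hold), then verify a nonce
// so the request cannot be forged cross-site. Both checks run before the
// destructive call; a failure stops the request with a 403.
function demo_reset_wizard_actions_fixed() {
    if ( ! isset( $_GET['demo_reset_wizard'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to reset this site.', 'demo' ), 403 );
    }
    // check_admin_referer() calls wp_die() itself on a missing or invalid nonce.
    check_admin_referer( 'demo_reset_wizard' );
    demo_reset_site();
}

// Only the hardened handler is hooked; the vulnerable one is kept solely
// for comparison.
add_action( 'admin_init', 'demo_reset_wizard_actions_fixed' );

// When rendering the button that triggers the reset, generate a matching
// nonce so legitimate administrator requests pass check_admin_referer().
function demo_reset_wizard_url() {
    return wp_nonce_url(
        add_query_arg( 'demo_reset_wizard', '1', admin_url() ),
        'demo_reset_wizard'
    );
}
```

When reviewing a plugin for this class of issue, the check to make is whether every handler hooked to init, admin_init, admin_post_* or wp_ajax_* that changes state calls current_user_can() (or a capability-aware wrapper) and verifies a nonce; is_user_logged_in() or a check on a user role name is not a substitute for a capability check.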

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2020-36837

Affected Products

Themegrill-Demo-Importer