WordPress Plugin Bug Lets Subscribers Wipe Sites

October 29, 2021 OneNeck IT Solutions

A high-severity security flaw found in a WordPress plugin that has 8,000+ active installs can allow authenticated attackers to reset and wipe vulnerable websites.

This plugin, Hashthemes Demo Importer, was developed to help admins import a full WordPress theme demo with a single click.

According to Wordfence’s QA engineer and threat analyst Ram Gall, “The flaw gives any authenticated attacker, even the subscriber-level user with minimal permissions, the ability to reset WordPress sites by zapping virtually all its databases and uploaded media.” He goes on to say that “if exploited, the flaw would render a website running the vulnerable plugin completely unrecoverable, unless of course its owners had properly backed it up.”

Note that the plugin’s developer has released a corrected version (1.0.7).

While this vulnerability is specific to WordPress users, it’s a prime example of how plugins expand the attack surface. OneNeck CISO Katie McCullough states, “Best practice is to use the fewest number of plugins needed to complete work, and uninstall any plugins not being used. And specific to this vulnerability, ensure WordPress and plugins are updated to the latest versions and have the most recent patches applied.”
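One way to check a site against that advice is to audit WP-CLI’s plugin inventory. The script below is an added example and is not code from the OneNeck post, from Wordfence, or from the plugin: it parses the output of `wp plugin list --format=csv --fields=name,status,update,version` and flags inactive plugins (candidates for removal), plugins with a pending update, and any copy of the demo importer below the fixed 1.0.7 release. A constructed sample of that CSV output is embedded so it runs offline, and the WordPress.org slug `hashthemes-demo-importer` is an assumption.

```shell
#!/bin/sh
# Constructed sample of `wp plugin list --format=csv --fields=name,status,update,version`
# output. This is made-up data for the example, not a real site's inventory.
SAMPLE_PLUGIN_CSV='name,status,update,version
akismet,active,none,4.2.1
hashthemes-demo-importer,active,available,1.0.6
hello,inactive,none,1.7.2
classic-editor,inactive,available,1.6.2'

# Assumed WordPress.org slug for the plugin named in the article, and the
# corrected release the article cites.
HDI_SLUG="hashthemes-demo-importer"
HDI_FIXED="1.0.7"

# version_lt A B -> exit status 0 if dotted version A is strictly lower than B.
# Implemented in awk so it does not depend on `sort -V` being available.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1
    }'
}

# plugin_audit reads the CSV on stdin (header line first) and prints one
# finding per line:
#   INACTIVE <name>            installed but unused -> uninstall it
#   UPDATE   <name> <version>  newer release available -> update it
#   VULN     <name> <version>  demo importer older than the fixed release
plugin_audit() {
    tail -n +2 | while IFS=, read -r name status update version; do
        if [ "$status" = "inactive" ]; then
            echo "INACTIVE $name"
        fi
        if [ "$update" = "available" ]; then
            echo "UPDATE $name $version"
        fi
        if [ "$name" = "$HDI_SLUG" ] && version_lt "$version" "$HDI_FIXED"; then
            echo "VULN $name $version"
        fi
    done
}

# Runs the audit over the constructed sample. On a real site, pipe the live
# inventory in instead:
#   wp plugin list --format=csv --fields=name,status,update,version | plugin_audit
audit_sample() {
    printf '%s\n' "$SAMPLE_PLUGIN_CSV" | plugin_audit
}

audit_sample
```

The `status` and `update` column values (`inactive`, `available`) are the ones WP-CLI emits, so the same function works on live output; anything it reports as `INACTIVE` or `UPDATE` maps directly onto the two recommendations quoted above.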

An effective security defense really starts with the basics. As Katie states, “Some companies think they can deploy patches on a quarterly basis or put them off indefinitely because they want to avoid downtime, but we’ve seen how costly such decisions can be.”

So, the moral of the story is: be diligent in your updates and patching. Good cyber hygiene can be what keeps your organization safe from bad actors.

Interested in talking to one of our security experts? Contact us today.

