
WordPress, Hashthemes Demo Importer has a critical vulnerability

Wordfence cybersecurity experts: the plugin flaw enables any authenticated user to wipe a site clean, erasing all of the material and data posted to it.

Hashthemes Demo Importer, a popular WordPress plugin, has a critical vulnerability that was discovered by Wordfence cybersecurity experts. The flaw enables any authenticated user to wipe a susceptible site clean, erasing all of the material and data posted to it. According to Lifars, the plugin's capability checks for several AJAX operations were inadequate. That allowed low-privileged authenticated users of the site to see the AJAX nonce on the dashboard. As a result, any authenticated attacker could reset the site, even with only subscriber-level access. In the worst-case scenario, a cybercrime actor could remove the site's content from the internet altogether.
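The weakness described above (an AJAX handler guarded by a nonce but no capability check) can be looked for in plugin source with a simple audit. The script below is an added example, not code from Wordfence, Lifars or the plugin: the PHP sample and its names (`demo_reset_site`, `demo_wipe_database`, `demo-nonce`) are constructed, and the check is a heuristic that assumes the capability check sits in the callback body itself and that braces do not appear inside strings or comments.

```python
import re

# Constructed sample (hypothetical names; not the real plugin's code).
SAMPLE_PHP = r'''<?php
add_action('wp_ajax_demo_reset_site', 'demo_reset_site');
add_action('wp_ajax_demo_reset_site_safe', 'demo_reset_site_safe');
function demo_reset_site() {
    // Nonce only: any logged-in user who can read the nonce passes.
    check_ajax_referer('demo-nonce', 'security');
    demo_wipe_database();
}
function demo_reset_site_safe() {
    check_ajax_referer('demo-nonce', 'security');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('Forbidden', 403);
    }
    demo_wipe_database();
}
'''

HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(nopriv_)?([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(source, name):
    """Return the brace-balanced body of a named PHP function ('' if absent)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit(source):
    """For each wp_ajax_ hook, record nonce and capability checks in its callback."""
    findings = []
    for nopriv, action, callback in HOOK_RE.findall(source):
        body = function_body(source, callback)
        findings.append({
            "action": action,
            "unauthenticated": bool(nopriv),
            "nonce": bool(re.search(r"\b(check_ajax_referer|wp_verify_nonce)\s*\(", body)),
            "capability": bool(re.search(r"\bcurrent_user_can\s*\(", body)),
        })
    return findings

def missing_capability(source):
    return [f["action"] for f in audit(source) if not f["capability"]]
```

A handler reported by `missing_capability` still needs manual review, since the nonce proves only that the request came from a page the user could load, not that the user is allowed to perform the action.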
