Security Experts:

WordPress Websites Hacked via Vulnerabilities in Two Themes Plugins

Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites.

The vulnerability affecting the ThemeGrill Demo Importer plugin was disclosed just a few days ago by web security company WebARX. The company’s researchers found that the plugin is affected by a flaw that can be exploited to wipe a website’s database and, in certain conditions, gain administrator access to the site.

ThemeGrill Demo Importer is currently installed on over 100,000 websites, but the number of active installations exceeded 200,000 when the vulnerability was disclosed.

Just days after the existence of the flaw was made public, ThemeGrill customers started reporting that the security hole had apparently been exploited to hack their websites. ThemeGrill has advised users to update to the latest version or simply remove the plugin as it’s only needed to import and set up the initial demo for ThemeGrill themes.

Hackers have also started exploiting a critical vulnerability in the ThemeREX Addons plugin to take control of WordPress websites.

According to WordPress security firm Defiant, the plugin, which provides theme management features and is installed on roughly 44,000 websites, is affected by a vulnerability that allows an unauthenticated attacker to execute arbitrary code and create rogue admin accounts for a website.

ThemeREX has yet to release a patch for the vulnerability and users have been advised to either remove the plugin or use third-party security solutions to protect their WordPress websites against attacks.

“We currently have very little data on who is exploiting this vulnerability and what artifacts are being left behind, however, we do know that attacks are targeting administrative user account creation,” Defiant said in a blog post.

The company has released only a few details about the vulnerability to prevent further abuse.

Related: Zero-Days in WordPress Plugin Actively Exploited

Related: Hackers Target WordPress Sites via WP Cost Estimation Plugin

Related: Recently Disclosed WordPress Plugin Flaws Exploited in Malvertising Operation

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.