Hashthemes Demo Importer WordPress Plugin Vulnerability

The Hashthemes Demo Importer and is found in more than 8,000 blogs, according to researchers at Wordfence. It’s a high-severity security flaw. This WordPress plugin is designed to import demo content from HashThemes.com. However, it’s possible for subscribers to use the demo importer as a tool to wipe out content on any WordPress site.

The HashThemes Demo Importer plugin allows you to easily import demos for WordPress themes with a single click. It also has no dependencies such as XML files, .json theme options, .dat customizer files or .wie widget files.
 
 
A security researcher named Ram Gall from Wordfence said that he reported the bug to the developer of the plug-in on Aug. 25. However, the developer did not respond for nearly a month. So, he got in touch with the WordPress team Sept. 20.
 

WordPress Yanks Plugin, Puts Out Fix

 
On the same day, the WordPress team removed the Hashthemes demo importer from their repository, and a patched version was made available a few days later. The team did not mention the removal or patch publicly.
 

I hope this article was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.

Leave a Comment

4 + 2 =