Cause : ThemeGrill Demo Importer < 1.6.3 – Auth Bypass & Database Wipe

A critical bug was reported with ThemeGrill Demo Importer plugin. This allows the affected plugin to execute some functions with administrative privileges on the WordPress website.

The prerequisite is that there must be a theme installed and activated that was published by ThemeGrillm Eg. Colormag. In order to be automatically logged in as an administrator, there must be a user called “admin” in the database. Regardless of this condition, the database will still be wiped to its default state.

You need to either remove the plugin or update it immediately to version 1.6.3.

• cPanel
• Linux
• MySQL
• wordpress