5 matches found
WordPress Access Control Error Vulnerability
WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Plugin Hashthemes Demo Importer 1.1.1 and earlier is vulnerable to an access control...
CVE-2021-39333
The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
WordPress和WordPress plugin 安全漏洞
WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Plugin Hashthemes Demo Importer 1.1.1 and earlier is vulnerable to an access control...
WordPress Plugin Bug Lets Subscribers Wipe Sites
Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...
HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset
The plugin does not have capability checks in some of its AJAX action, relying on CSRF nonces for this, which are displayed for any authenticated users. As a result, a user with a role as low as subscriber could use the hdiinstalldemo AJAX action to reset the entire blog including the tables in t...