2 matches found
CVE-2020-36333
ThemeGrill Demo Importer prior to 1.6.2 is vulnerable via a reset_wizard_actions hook that allows unauthenticated users to wipe the entire WordPress database. The issue affects versions from 1.3.4 upward and 1.6.1 and below, enabling a full database reset to default state and automatic administra...
CVE-2020-36334
The CVE affects the WordPress plugin themegrill-demo-importer, with versions before 1.6.3. The vulnerability is cross-site request forgery (CSRF) in the plugin, demonstrated by the ability to wipe the database. Root cause details are not explicitly provided beyond the CSRF issue. Impact, as state...