One such function is the capability to wipe the entire database of the vulnerable website, bringing it to its default state and clearing website databases of existing posts and user roles. And, after carrying out this action, an attacker would also then be logged in as an administrator – giving them complete control over the website. “This is a serious vulnerability and can cause a significant amount of damage,” according to WebARX researchers in a post this week. “Since it requires no suspicious-looking payload … it is not expected for any firewall to block this by default and a special rule needs to be created to block this vulnerability.”
The ThemeGrill Demo Importer plugin is owned by ThemeGrill, which offers various templates for website outlines. This WordPress plugin helps users import and manage ThemeGrill templates on their sites. As of last week, the plugin had 200,000 active installations. According to WebARX, who discovered the flaw, on Tuesday that number had dipped to 100,000 installs. It is unclear at this time what accounts for the drop in the number of WordPress plugin installs. Researchers disclosed a flaw in the plugin this week, which allows unauthenticated, remote attackers to execute some administrator functions – without the plugin checking whether they are an administrator.
Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin.