WordPress Plugin Bug Lets Subscribers Wipe Sites

20
WordPress Plugin Bug Lets Subscribers Wipe Sites

Researchers have found a WordPress plugin that allows subscribers to delete sites with content. The most critical protection error is found in the Hashthemes Demo Importer, a plugin used for over 8,000 active installations.

According to Wordfence security researchers, the vulnerability allows any authorized user to completely remove the compromised site, permanently removing almost all website content and all downloaded media.

The HashThemes Demo Importer plugin is designed to let admins easily import demos for WordPress themes with a single click.

Source: Threatpost

For more such updates follow us on Google News ITsecuritywire News