WordPress Plugin Vulnerability ThemeGrill Demo Importer >1.3.4 and < 1.6.1
https://www.webarxsecurity.com

The ThemeGrill Demo Importer plugin has 200,000+ active installations and can be used to import official ThemeGrill theme demo content, widgets and theme settings with just one click. In versions from 1.3.4 up to and including 1.6.1, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state, after which they are automatically logged in as an administrator. Based on the SVN commit history, this issue has existed in the code for roughly 3 years, since version 1.3.4.
The issue has been fixed in version 1.6.2, which is available now from the WordPress Plugin Repo.