Owners of WordPress sites that use commercial themes from ThemeGrill are urged to update one of the plugins bundled with those themes, as it contains a critical vulnerability that can wipe a site.
The vulnerability was identified in ThemeGrill Demo Importer, a plugin that ships with the themes of ThemeGrill, a company that specializes in designing and developing pages and sells themes for WordPress sites.
The plugin, which is installed on more than 200,000 sites, lets owners import demo content for ThemeGrill themes so they have examples and a starting point for building their sites.
A remote attacker could send a specially crafted payload to a vulnerable site and trigger a feature within the plugin.
That feature can delete all of the site's content. In short, any WordPress site with a ThemeGrill theme enabled alongside the vulnerable plugin could be wiped.
According to WebARX researchers, the vulnerability affects all versions of the ThemeGrill Demo Importer plugin from 1.3.4 to 1.6.1.
ThemeGrill, the company that created the plugin, fixed the bug by releasing update 1.6.2 over the weekend. Owners of vulnerable sites are urged to install the new version to protect their sites.
One month ago another WordPress plugin was found that could delete the content of vulnerable sites. That vulnerability was in WordPress Database Reset, which was installed on more than 80,000 sites in total.