A WordPress plugin is currently affected by a severe vulnerability.
Wordfence has reported a high-severity vulnerability in the Access Demo Importer WordPress plugin.
We recommend upgrading the plugin as quickly as possible to mitigate this threat.
What Is the Access Demo Importer WordPress Plugin?
This plugin allows a website owner to import demo content for themes that are configured to use the plugin.
It’s an easy way to import demo content without writing or creating it.
This plugin is an excellent option for website creators who just don’t want to spend all that time creating demo content for their themes.
How Bad Is the Security Threat?
This vulnerability has a CVSS score of 8.8, which is considered high severity.
One aspect of the plugin’s ability to import content was insecurely implemented, which means that any authenticated user could upload arbitrary files.
According to Wordfence:
“Unfortunately, this function had no capability check, nor any nonce checks, which made it possible for authenticated users with minimal permissions, like subscribers, to install a zip file as a ‘plugin’ from an external source. This ‘plugin’ zip file could contain malicious PHP files, including web shells, that could be used to achieve remote code execution once extracted and ultimately be used to completely take over a site.”
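For plugin and theme developers, here is what the two checks Wordfence found missing look like in a WordPress AJAX handler that installs a plugin package. This is an added example, not the Access Demo Importer's or Wordfence's code; the handler name, nonce action, `slug` parameter and download URL are hypothetical, and the fixed allowlist of package sources is an extra hardening assumption.

```php
<?php
// Added example: hypothetical handler and nonce action names, not the plugin's real code.
// wp_ajax_* hooks fire for ANY logged-in user, subscribers included,
// so the handler itself must enforce who may call it.
add_action( 'wp_ajax_example_install_demo_plugin', 'example_install_demo_plugin' );

function example_install_demo_plugin() {
    // 1. Nonce check: rejects requests that did not originate from a page
    //    this site rendered for the current user. Dies with 403 on failure.
    check_ajax_referer( 'example_install_demo_plugin', 'nonce' );

    // 2. Capability check: only roles allowed to install plugins may proceed.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Assumption: packages come only from a fixed allowlist keyed by slug,
    //    never from an arbitrary external source. The URL below is constructed.
    $allowed = array(
        'example-companion' => 'https://downloads.example.com/example-companion.zip',
    );
    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( ! isset( $allowed[ $slug ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown package.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    // Use core's upgrader so the zip is unpacked by WordPress's own routines.
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $allowed[ $slug ] );

    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
    }
    wp_send_json_success( array( 'installed' => $slug ) );
}
```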
How Do You Protect Yourself from This Vulnerability?
Assuming you don’t have any major issues occurring on your site as a result, we recommend that you first upgrade any version of this plugin that you have installed.
Otherwise, you run the risk of someone gaining access to your site and tampering with its files.
In general, regular plugin updates are the best way to ensure that you keep your site secure and don’t run into any major issues down the line.