Vulnerabilities and security researches forthemegrill-demo-importer themegrill-demo-importer

Apr 17, 2026

CVE, Research URL: CVE-2026-40730
Home page URL: Security reports for ThemeGrill Demo Importer
Application: ThemeGrill Demo Importer
Date: Apr 15, 2026
Research Description: Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Affected versions: max 2.0.0.7.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2020-36837
Home page URL: Security reports for ThemeGrill Demo Importer
Application: ThemeGrill Demo Importer
Date: Oct 16, 2024
Research Description: The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
Affected versions: max 1.6.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 68284e071e534422835c01a36dda7e67d95fd795
Home page URL: Security reports for ThemeGrill Demo Importer
Application: ThemeGrill Demo Importer
Date: Dec 08, 2020
Research Description: ThemeGrill Demo Importer [themegrill-demo-importer] >= 1.3.4 - <= 1.6.1 WordPress ThemeGrill Demo Importer plugin <= 1.6.2 - Bypass and Database Wipe vulnerability Bypass and Database Wipe vulnerability discovered by Dave (Patchstack) in WordPress ThemeGrill Demo Importer plugin (versions <= 1.6.2).
Affected versions: Min 1.3.4, max 1.6.1.
Status: vulnerable